· 6 years ago · Aug 06, 2019, 06:46 PM
#######################################################################################################################################
=======================================================================================================================================
Hostname     mlsd.gov.sa        ISP           Saudi Telecom Company JSC
Continent    Asia               Flag          SA
Country      Saudi Arabia       Country Code  SA
Region       Eastern Province   Local time    06 Aug 2019 20:24 +03
City         Jubail             Postal Code   Unknown
IP Address   94.97.248.201      Latitude      27.011
                                Longitude     49.658
=======================================================================================================================================
#######################################################################################################################################
> mlsd.gov.sa
Server: 185.93.180.131
Address: 185.93.180.131#53

Non-authoritative answer:
Name: mlsd.gov.sa
Address: 94.97.248.201
>
#######################################################################################################################################
[+] IP Address : 94.97.248.201

[+] Headers :

[+] Content-Type : text/html; charset=utf-8
[+] Transfer-Encoding : chunked
[+] Connection : keep-alive
[+] Date : Tue, 06 Aug 2019 17:44:39 GMT
[+] Server : Apache
[+] Vary : Cookie,Accept-Encoding
[+] X-Drupal-Cache : HIT
[+] Etag : "1565112901-1"
[+] X-XSS-Protection : 1; mode=block
[+] X-Content-Type-Options : nosniff
[+] X-Frame-Options : SameOrigin
[+] Strict-Transport-Security : max-age=63072000; includeSubDomains
[+] Content-Language : ar
[+] Cache-Control : no-store, no-cache, must-revalidate, post-check=0, pre-check=0
[+] Expires : Sun, 19 Nov 1978 05:00:00 GMT
[+] Content-Encoding : gzip
[+] Set-Cookie : LIPICINX=02c21cd651-ca25-42h4BfMhTzdQFrTdKi9RLLp1xRupG4Mn0APZdoMVbJBV88Vz82wicrDgbveykvUPk9baY; path=/

[+] SSL Certificate Information :

[+] countryName : SA
[+] localityName : Riyadh
[+] organizationName : Ministry Of Labor
[+] organizationalUnitName : MOL IT
[+] commonName : mlsd.gov.sa
[+] countryName : US
[+] organizationName : DigiCert Inc
[+] organizationalUnitName : www.digicert.com
[+] commonName : Thawte RSA CA 2018
[+] Version : 3
[+] Serial Number : 03935392608AFF781E000BA9978FCDAA
[+] Not Before : May 8 00:00:00 2019 GMT
[+] Not After : May 7 12:00:00 2020 GMT
[+] OCSP : ('http://status.thawte.com',)
[+] subject Alt Name : (('DNS', 'mlsd.gov.sa'), ('DNS', 'www.mlsd.gov.sa'), ('DNS', 'sd.mlsd.gov.sa'))
[+] CA Issuers : ('http://cacerts.thawte.com/ThawteRSACA2018.crt',)
[+] CRL Distribution Points : ('http://cdp.thawte.com/ThawteRSACA2018.crl',)

[+] Whois Lookup :

[+] NIR : None
[+] ASN Registry : ripencc
[+] ASN : 25019
[+] ASN CIDR : 94.97.240.0/20
[+] ASN Country Code : SA
[+] ASN Date : 2008-06-25
[+] ASN Description : SAUDINETSTC-AS, SA
[+] cidr : 94.97.0.0/16
[+] name : SAUDINET-INFRASTRUCTURE
[+] handle : STCR1-RIPE
[+] range : 94.97.0.0 - 94.97.255.255
[+] description : DIA customer P2P links
IP addresses are assigned statically
[+] country : SA
[+] state : None
[+] city : None
[+] address : STC complex, murslat, Riyadh
P.O.Box: 295997
Riyadh 11351
Saudi Arabia
[+] postal_code : None
[+] emails : ['registry@stc.com.sa']
[+] created : 2009-02-09T08:32:57Z
[+] updated : 2019-02-17T17:17:14Z

[+] Crawling Target...

[+] Looking for robots.txt........[ Found ]
[+] Extracting robots Links.......[ 62 ]
[+] Looking for sitemap.xml.......[ Found ]
[+] Extracting sitemap Links......[ 1791 ]
[+] Extracting CSS Links..........[ 9 ]
[+] Extracting Javascript Links...[ 7 ]
[+] Extracting Internal Links.....[ 15 ]
[+] Extracting External Links.....[ 28 ]
[+] Extracting Images.............[ 30 ]

[+] Total Links Extracted : 1941

[+] Dumping Links in /opt/FinalRecon/dumps/mlsd.gov.sa.dump
[+] Completed!
#######################################################################################################################################
[+] Starting At 2019-08-06 13:44:52.050432
[+] Collecting Information On: https://mlsd.gov.sa/
[#] Status: 200
--------------------------------------------------
[#] Web Server Detected: Apache
[+] Xss Protection Detected !
- Content-Type: text/html; charset=utf-8
- Transfer-Encoding: chunked
- Connection: keep-alive
- Date: Tue, 06 Aug 2019 17:44:41 GMT
- Server: Apache
- Vary: Cookie,Accept-Encoding
- X-Drupal-Cache: HIT
- Etag: "1565112901-1"
- X-XSS-Protection: 1; mode=block
- X-Content-Type-Options: nosniff
- X-Frame-Options: SameOrigin
- Strict-Transport-Security: max-age=63072000; includeSubDomains
- Content-Language: ar
- Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
- Expires: Sun, 19 Nov 1978 05:00:00 GMT
- Content-Encoding: gzip
- Set-Cookie: LIPICINX=02c21cd651-ca25-42FQ17ueHB_664ZltoIhtXb3OzSn_q4ZxdXF_xjPPvmUjQaP35x9yX5ECTQ-1OyTgtr1s; path=/
--------------------------------------------------
[#] Finding Location..!
[#] as: AS25019 Saudi Telecom Company JSC
[#] city: Riyadh
[#] country: Saudi Arabia
[#] countryCode: SA
[#] isp: DIA Customer P2P links
[#] lat: 24.7136
[#] lon: 46.6753
[#] org:
[#] query: 94.97.248.201
[#] region: 01
[#] regionName: Ar Riyāḑ
[#] status: success
[#] timezone: Asia/Riyadh
[#] zip:
--------------------------------------------------
[x] Didn't Detect WAF Presence on: https://mlsd.gov.sa/
--------------------------------------------------
[#] Starting Reverse DNS
[!] Found 2 any Domain
- mlsd.gov.sa
- sd.mlsd.gov.sa
--------------------------------------------------
[!] Scanning Open Port
[#] 80/tcp open http
[#] 443/tcp open https
--------------------------------------------------
[+] Collecting Information Disclosure!
[#] Detecting sitemap.xml file
[!] sitemap.xml File Found: https://mlsd.gov.sa//sitemap.xml
[#] Detecting robots.txt file
[!] robots.txt File Found: https://mlsd.gov.sa//robots.txt
[#] Detecting GNU Mailman
[-] GNU Mailman App Not Detected!?
--------------------------------------------------
[+] Crawling Url Parameter On: https://mlsd.gov.sa/
--------------------------------------------------
[#] Searching Html Form !
[-] No Html Form Found!?
--------------------------------------------------
[!] Found 47 dom parameter
--------------------------------------------------
[!] 1 Internal Dynamic Parameter Discovered
[+] https://validator.w3.org/nu/?doc=https://mlsd.gov.sa/
--------------------------------------------------
[!] 2 External Dynamic Parameter Discovered
[#] https://www.qiwa.sa/?utm_source=MLSD&utm_medium=Website_Banner&utm_campaign=Business_Registration
[#] https://sealinfo.thawte.com/thawtesplash?form_file=fdf/thawtesplash.fdf&dn=WWW.MLSD.GOV.SA&lang=en
--------------------------------------------------
[!] 361 Internal links Discovered
407[+] https://mlsd.gov.sa//query/hafiz
408[+] https://mlsd.gov.sa///ar/queries/%D8%AE%D8%AF%D9%85%D8%A9-%D8%A7%D9%84%D8%A7%D8%B3%D8%AA%D8%B9%D9%84%D8%A7%D9%85-%D8%B9%D9%86-%D8%B7%D9%84%D8%A8
409[+] https://mlsd.gov.sa//query/insurance/order_inquery
410[+] https://mlsd.gov.sa///ar/queries/%D8%AE%D8%AF%D9%85%D8%A9-%D8%A7%D9%84%D8%A7%D8%B3%D8%AA%D8%B9%D9%84%D8%A7%D9%85-%D8%B9%D9%86-%D8%B4%D9%85%D9%88%D9%84-%D8%A7%D9%84%D9%85%D8%B3%D8%AA%D9%81%D9%8A%D8%AF-%D9%85%D9%86-%D8%A7%D9%84%D8%A7%D8%B9%D9%81%D8%A7%D8%A1-%D9%85%D9%86-%D8%B1%D8%B3%D9%88%D9%85-%D9%82%D9%8A%D8%A7%D8%B3
411[+] https://mlsd.gov.sa//query/qiyas_status
412[+] https://mlsd.gov.sa///ar/queries/%D8%AE%D8%AF%D9%85%D8%A9-%D8%A7%D9%84%D8%A7%D8%B3%D8%AA%D8%B9%D9%84%D8%A7%D9%85-%D8%B9%D9%86-%D8%AD%D8%A7%D9%84%D8%A9-%D8%B7%D9%84%D8%A8%D8%A7%D8%AA-%D8%A7%D9%84%D8%AA%D8%B1%D8%A7%D8%AE%D9%8A%D8%B5-%D8%A7%D9%84%D8%A7%D9%87%D9%84%D9%8A%D9%87-%D8%B6%D9%8A%D8%A7%D9%81%D8%A9-%D8%A7%D8%B7%D9%81%D8%A7%D9%84
413[+] https://mlsd.gov.sa//query/srquery
414[+] https://mlsd.gov.sa///ar/queries/%D8%AE%D8%AF%D9%85%D8%A9-%D8%A7%D9%84%D8%A7%D8%B3%D8%AA%D8%B9%D9%84%D8%A7%D9%85-%D8%B9%D9%86-%D8%AD%D8%A7%D9%84%D8%A9-%D8%A8%D8%B7%D8%A7%D9%82%D8%A9-%D9%85%D8%B3%D8%AA%D9%81%D9%8A%D8%AF%D9%8A-%D8%A7%D9%84%D8%B6%D9%85%D8%A7%D9%86
415[+] https://mlsd.gov.sa//query/insurance/bankcard_inquiry
416[+] https://mlsd.gov.sa///ar/queries/%D8%AE%D8%AF%D9%85%D8%A9-%D8%A7%D9%84%D8%A7%D8%B3%D8%AA%D8%B9%D9%84%D8%A7%D9%85-%D8%B9%D9%86-%D8%AD%D8%A7%D9%84%D8%A9-%D8%A7%D9%84%D8%A7%D8%B1%D8%B3%D8%A7%D9%84-%D9%84%D8%A8%D9%8A%D8%A7%D9%86%D8%A7%D8%AA-%D8%B0%D9%88%D9%8A-%D8%A7%D9%84%D8%A5%D8%B9%D8%A7%D9%82%D8%A9-%D9%84%D8%A8%D8%B1%D9%86%D8%A7%D9%85%D8%AC-%D9%86%D8%B7%D8%A7%D9%82%D8%A7%D8%AA
417[+] https://mlsd.gov.sa//query/mol
418[+] https://mlsd.gov.sa///ar/queries/%D8%AE%D8%AF%D9%85%D8%A9-%D8%A7%D9%84%D8%A7%D8%B3%D8%AA%D8%B9%D9%84%D8%A7%D9%85-%D8%B9%D9%86-%D8%A8%D9%8A%D8%A7%D9%86%D8%A7%D8%AA-%D9%85%D8%B3%D8%AA%D9%81%D9%8A%D8%AF%D9%8A-%D8%A7%D9%84%D8%B6%D9%85%D8%A7%D9%86-%D8%AC%D9%87%D8%A7%D8%AA
419[+] https://mlsd.gov.sa//query/insurance/organization_inquery
420[+] https://mlsd.gov.sa///ar/queries/%D8%AE%D8%AF%D9%85%D8%A9-%D8%A7%D9%84%D8%A7%D8%B3%D8%AA%D8%B9%D9%84%D8%A7%D9%85-%D8%B9%D9%86-%D8%A8%D9%8A%D8%A7%D9%86%D8%A7%D8%AA-%D9%85%D8%B3%D8%AA%D9%81%D9%8A%D8%AF%D9%8A-%D8%A7%D9%84%D8%B6%D9%85%D8%A7%D9%86
421[+] https://mlsd.gov.sa//query/insurance/payee_inquery
422[+] https://mlsd.gov.sa///ar/queries/%D8%AE%D8%AF%D9%85%D8%A9-%D8%A7%D9%84%D8%A7%D8%B3%D8%AA%D8%B9%D9%84%D8%A7%D9%85-%D8%B9%D9%86-%D8%A7%D9%84%D8%A8%D8%B1%D8%A7%D9%85%D8%AC-%D8%A7%D9%84%D9%85%D8%B3%D8%A7%D9%86%D8%AF%D8%A9
423[+] https://mlsd.gov.sa//query/insurance/general_inquery
424[+] https://mlsd.gov.sa///ar/queries/%D8%AE%D8%AF%D9%85%D8%A9-%D8%A7%D9%84%D8%A7%D8%B3%D8%AA%D8%B9%D9%84%D8%A7%D9%85-%D8%B9%D9%86-%D8%A7%D9%84%D8%A7%D8%AA%D8%B5%D8%A7%D9%84%D8%A7%D8%AA-%D8%A7%D9%84%D8%A5%D8%AF%D8%A7%D8%B1%D9%8A%D8%A9
425[+] https://mlsd.gov.sa//query/comm
426[+] https://mlsd.gov.sa///ar/queries/%D8%AE%D8%AF%D9%85%D8%A9-%D8%A7%D9%84%D8%A7%D8%B3%D8%AA%D8%B9%D9%84%D8%A7%D9%85-%D8%B9%D9%86-%D8%A7%D9%84%D8%A5%D8%B9%D8%A7%D9%86%D8%A9-%D8%A7%D9%84%D9%85%D8%A7%D9%84%D9%8A%D8%A9-%D8%B0%D9%88%D9%8A-%D8%A7%D9%84%D8%A5%D8%B9%D8%A7%D9%82%D8%A9-%E2%80%93-%D9%83%D9%81%D8%A7%D9%84%D8%A9-%D8%A3%D9%8A%D8%AA%D8%A7%D9%85
427[+] https://mlsd.gov.sa//query/e3nh
428[+] https://mlsd.gov.sa///ar/queries/%D8%AE%D8%AF%D9%85%D8%A9-%D8%A7%D9%84%D8%A7%D8%B3%D8%AA%D8%B9%D9%84%D8%A7%D9%85-%D8%B9%D9%86-%D8%A5%D8%B5%D8%AF%D8%A7%D8%B1-%D8%AA%D8%B1%D8%AE%D9%8A%D8%B5-%D9%85%D8%B1%D9%83%D8%B2-%D8%AA%D8%A3%D9%87%D9%8A%D9%84-%D8%A3%D9%87%D9%84%D9%8A
429[+] https://mlsd.gov.sa///ar/queries/%D8%AE%D8%AF%D9%85%D8%A9-%D8%A7%D9%84%D8%A5%D8%B9%D8%A7%D9%86%D8%A9-%D8%A7%D9%84%D9%85%D8%A7%D9%84%D9%8A%D8%A9-%D9%84%D9%84%D8%A3%D8%AC%D9%87%D8%B2%D8%A9-%D8%A7%D9%84%D8%B7%D8%A8%D9%8A%D8%A9-%D8%A7%D9%84%D9%85%D8%B9%D9%8A%D9%86%D8%A9
430[+] https://mlsd.gov.sa///ar/queries/%D8%AE%D8%AF%D9%85%D8%A9-%D8%A7%D9%84%D8%A5%D8%B3%D8%AA%D8%B9%D9%84%D8%A7%D9%85-%D8%B9%D9%86-%D8%AD%D8%A7%D9%84%D8%A9-%D8%A7%D9%84%D8%AA%D8%AD%D8%AF%D9%8A%D8%AB
431[+] https://mlsd.gov.sa//query/check-beneficiary-status
432[+] https://mlsd.gov.sa///ar/queries/%D8%AE%D8%AF%D9%85%D8%A9-%D8%A7%D8%B5%D8%AF%D8%A7%D8%B1-%D9%85%D8%B4%D9%87%D8%AF-%D8%A7%D9%84%D8%A5%D8%B9%D8%A7%D9%82%D8%A9
433[+] https://mlsd.gov.sa///ar/queries/%D8%AE%D8%AF%D9%85%D8%A9-%D9%85%D9%83%D8%A7%D9%81%D8%A3%D8%A9-%D9%86%D9%87%D8%A7%D9%8A%D8%A9-%D8%AD%D8%B6%D8%A7%D9%86%D8%A9
434[+] https://mlsd.gov.sa//Non
435[+] https://mlsd.gov.sa///ar/queries/%D8%AE%D8%AF%D9%85%D8%A9-%D8%A5%D9%84%D8%AD%D8%A7%D9%82-%D8%AD%D8%AF%D8%AB-%D8%A8%D8%AF%D8%A7%D8%B1-%D8%A7%D9%84%D8%AA%D9%88%D8%AC%D9%8A%D8%A9-%D8%A7%D9%84%D8%A7%D8%AC%D8%AA%D9%85%D8%A7%D8%B9%D9%8A
436[+] https://mlsd.gov.sa//Non
437[+] https://mlsd.gov.sa///ar/queries
438[+] https://mlsd.gov.sa///ar/urv
439[+] https://mowazi.mlsd.gov.sa
440[+] https://mlsd.gov.sa///ar/programs
441[+] https://mlsd.gov.sa///ar/newsletter/signup_ar
442[+] https://mlsd.gov.sa///ar/search/site/%D8%A7%D9%84%D8%B6%D9%85%D8%A7%D9%86
443[+] https://mlsd.gov.sa///ar/search/site/%D9%88%D8%B5%D8%A7%D9%84
444[+] https://mlsd.gov.sa///ar/search/site/%D8%AD%D8%A7%D9%81%D8%B2
445[+] https://mlsd.gov.sa///ar/search/site/%D8%AA%D8%AD%D8%AF%D9%8A%D8%AB%20%D8%A7%D9%84%D8%B6%D9%85%D8%A7%D9%86
446[+] https://mlsd.gov.sa///ar/search/site/%D9%88%D8%B2%D8%A7%D8%B1%D8%A9%20%D8%A7%D9%84%D8%B9%D9%85%D9%84
447[+] https://mlsd.gov.sa///ar/search/site/%D8%AA%D8%B1%D8%AE%D9%8A%D8%B5%20%D9%85%D8%A4%D8%B3%D8%B3%D8%A9%20%D8%A3%D9%87%D9%84%D9%8A%D8%A9
448[+] https://mlsd.gov.sa///ar/search/site/%D8%A7%D9%84%D8%AE%D9%8A%D8%B1%20%D8%A7%D9%84%D8%B4%D8%A7%D9%85%D9%84
449[+] https://mlsd.gov.sa///ar/search/site/%D8%A7%D9%84%D8%B1%D8%B9%D8%A7%D9%8A%D8%A9
450[+] https://mlsd.gov.sa///ar/search/site/%D8%A7%D9%84%D8%AA%D8%B7%D9%88%D9%8A%D8%B1
451[+] https://mlsd.gov.sa///ar/search/site/%D8%A7%D8%B3%D8%AA%D8%B9%D9%84%D8%A7%D9%85
452[+] https://mlsd.gov.sa///ar/search/site/%D8%AA%D8%AD%D8%AF%D9%8A%D8%AB%20%D8%A8%D9%8A%D8%A7%D9%86%D8%A7%D8%AA%20%D8%A7%D9%84%D9%85%D8%B3%D8%AA%D9%81%D9%8A%D8%AF%D9%8A%D9%86
453[+] https://mlsd.gov.sa///ar/search/site/%D9%86%D8%B7%D8%A7%D9%82%D8%A7%D8%AA
454[+] https://mlsd.gov.sa///ar/search/site/%D8%AA%D8%AD%D8%AF%D9%8A%D8%AB%20%D8%A7%D9%84%D8%A7%D9%8A%D8%A8%D8%A7%D9%86
455[+] https://mlsd.gov.sa///ar/search/site/%D8%B7%D8%A7%D9%82%D8%A7%D8%AA
456[+] https://mlsd.gov.sa///ar/faq
457[+] https://mlsd.gov.sa///ar/faq
458[+] https://mlsd.gov.sa///ar/rss-feed.xml
459[+] https://mlsd.gov.sa///ar/page/%D8%B3%D9%8A%D8%A7%D8%B3%D8%A9-%D8%A7%D9%84%D8%AE%D8%B5%D9%88%D8%B5%D9%8A%D8%A9
460[+] https://mlsd.gov.sa///ar/page/%D8%A7%D9%84%D8%A5%D8%B3%D8%AA%D8%AE%D8%AF%D8%A7%D9%85-%D9%88%D8%A5%D8%AE%D9%84%D8%A7%D8%A1-%D8%A7%D9%84%D9%85%D8%B3%D8%A4%D9%88%D9%84%D9%8A%D8%A9
461[+] https://mlsd.gov.sa///ar/page/%D8%A5%D8%AA%D9%81%D8%A7%D9%82%D9%8A%D8%A9-%D9%85%D8%B3%D8%AA%D9%88%D9%89-%D8%A7%D9%84%D8%AE%D8%AF%D9%85%D8%A9
462[+] https://mlsd.gov.sa///ar/page/%D8%B3%D9%8A%D8%A7%D8%B3%D8%A9-%D8%A7%D8%B3%D8%AA%D8%AE%D8%AF%D8%A7%D9%85-%D8%A7%D9%84%D8%A8%D9%8A%D8%A7%D9%86%D8%A7%D8%AA-%D8%A7%D9%84%D9%85%D9%81%D8%AA%D9%88%D8%AD%D8%A9
463[+] https://mlsd.gov.sa///ar/sitemap
464[+] https://mlsd.gov.sa///ar/reports/google-analytics
465[+] https://mlsd.gov.sa///ar/page/%D8%A7%D9%84%D8%AA%D9%86%D9%85%D9%8A%D8%A9-%D8%A7%D9%84%D9%85%D8%B3%D8%AA%D8%AF%D8%A7%D9%85%D8%A9
466[+] https://mlsd.gov.sa///ar/page/%D8%B9%D9%86-%D8%A7%D9%84%D8%A8%D9%8A%D8%A7%D9%86%D8%A7%D8%AA-%D8%A7%D9%84%D9%85%D9%81%D8%AA%D9%88%D8%AD%D8%A9
467[+] https://mlsd.gov.sa///ar/page/%D8%A7%D9%84%D8%A3%D9%87%D8%AF%D8%A7%D9%81-%D8%A7%D9%84%D8%A7%D8%B3%D8%AA%D8%B1%D8%A7%D8%AA%D9%8A%D8%AC%D9%8A%D8%A9
468[+] https://mlsd.gov.sa///ar/page/%D9%81%D9%88%D8%A7%D8%A6%D8%AF-%D8%A7%D9%84%D8%AA%D8%B3%D8%AC%D9%8A%D9%84-%D9%81%D9%8A-%D8%A7%D9%84%D8%A8%D9%88%D8%A7%D8%A8%D8%A9
469[+] https://mlsd.gov.sa///ar/page/%D9%85%D9%8A%D8%AB%D8%A7%D9%82-%D8%A7%D9%84%D8%B9%D9%85%D9%84%D8%A7%D8%A1
470[+] https://mlsd.gov.sa///ar/page/%D8%A8%D9%88%D8%A7%D8%A8%D8%A9-%D8%B3%D8%B9%D9%88%D8%AF%D9%8A-%D8%A7%D9%84%D9%88%D8%B7%D9%86%D9%8A%D8%A9
471[+] https://mlsd.gov.sa///ar/faq
472[+] https://sd.mlsd.gov.sa/ar/urv
473[+] https://sd.mlsd.gov.sa/ar/urv
474[+] https://sd.mlsd.gov.sa/ar/urv
475[+] https://mlsd.gov.sa//" class=
476[+] https://sd.mlsd.gov.sa/ar/urv
477[+] https://sd.mlsd.gov.sa/ar/urv
478[+] https://sd.mlsd.gov.sa/ar/urv
479[+] https://sd.mlsd.gov.sa/ar/urv
480[+] https://sd.mlsd.gov.sa/ar/urv
481[+] https://sd.mlsd.gov.sa/ar/urv
482[+] https://sd.mlsd.gov.sa/ar/urv
483[+] https://sd.mlsd.gov.sa/ar/urv
484[+] https://sd.mlsd.gov.sa/ar/urv
485[+] https://sd.mlsd.gov.sa/ar/urv
486[+] https://sd.mlsd.gov.sa/ar/urv
487[+] https://sd.mlsd.gov.sa/ar/urv
488[+] https://sd.mlsd.gov.sa/ar/urv
489[+] https://sd.mlsd.gov.sa/ar/urv
490[+] https://sd.mlsd.gov.sa/ar/urv
491[+] https://mlsd.gov.sa//Non
492[+] https://sd.mlsd.gov.sa/ar/urv
493[+] https://mlsd.gov.sa//Non
494[+] https://sd.mlsd.gov.sa/ar/urv
495[+] https://sd.mlsd.gov.sa/ar/urv
496[+] https://webportalstat.mlsd.gov.sa/WebPortalDashboard/index.aspx
497[+] https://sd.mlsd.gov.sa/ar/urv
498[+] https://eservices.mlsd.gov.sa/
499[+] https://sd.mlsd.gov.sa/ar/urv
500[+] https://sd.mlsd.gov.sa/ar/urv
501[+] https://mlsd.gov.sa/ar/urv
502[+] https://sd.mlsd.gov.sa/ar/urv
503[+] https://sd.mlsd.gov.sa/ar/urv
504[+] https://mlsd.gov.sa/ar/urv
505[+] https://sd.mlsd.gov.sa/ar/urv
506[+] https://sd.mlsd.gov.sa/ar/urv
507[+] https://sd.mlsd.gov.sa/ar/urv
508[+] https://sd.mlsd.gov.sa/ar/urv
509[+] https://sd.mlsd.gov.sa/ar/urv
510[+] https://sd.mlsd.gov.sa/ar/urv
511[+] https://sd.mlsd.gov.sa/ar/urv
512[+] https://eservices.mlsd.gov.sa/
513[+] https://sd.mlsd.gov.sa/ar/urv
514[+] https://sd.mlsd.gov.sa/ar/urv
515[+] https://sd.mlsd.gov.sa/ar/urv
516[+] https://sd.mlsd.gov.sa/ar/urv
517[+] https://sd.mlsd.gov.sa/ar/urv
518[+] https://sd.mlsd.gov.sa/ar/urv
519[+] https://mlsd.gov.sa//query/insurance/organization_register
520[+] https://sd.mlsd.gov.sa/ar/urv
521[+] https://mlsd.gov.sa//query/wesal
522[+] https://sd.mlsd.gov.sa/ar/urv
523[+] https://eservices.mlsd.gov.sa/
524[+] https://sd.mlsd.gov.sa/ar/urv
525[+] https://sd.mlsd.gov.sa/ar/urv
526[+] https://sd.mlsd.gov.sa/ar/urv
527[+] https://sd.mlsd.gov.sa/ar/urv
528[+] https://sd.mlsd.gov.sa/ar/urv
529[+] https://eservices.mlsd.gov.sa/
530[+] https://sd.mlsd.gov.sa/ar/urv
531[+] https://mlsd.gov.sa//query/hafiz
532[+] https://sd.mlsd.gov.sa/ar/urv
533[+] https://mlsd.gov.sa//query/insurance/order_inquery
534[+] https://sd.mlsd.gov.sa/ar/urv
535[+] https://mlsd.gov.sa//query/qiyas_status
536[+] https://sd.mlsd.gov.sa/ar/urv
537[+] https://mlsd.gov.sa//query/srquery
538[+] https://sd.mlsd.gov.sa/ar/urv
539[+] https://mlsd.gov.sa//query/insurance/bankcard_inquiry
540[+] https://sd.mlsd.gov.sa/ar/urv
541[+] https://mlsd.gov.sa//query/mol
542[+] https://sd.mlsd.gov.sa/ar/urv
543[+] https://mlsd.gov.sa//query/insurance/organization_inquery
544[+] https://sd.mlsd.gov.sa/ar/urv
545[+] https://mlsd.gov.sa//query/insurance/payee_inquery
546[+] https://sd.mlsd.gov.sa/ar/urv
547[+] https://mlsd.gov.sa//query/insurance/general_inquery
548[+] https://sd.mlsd.gov.sa/ar/urv
549[+] https://mlsd.gov.sa//query/comm
550[+] https://sd.mlsd.gov.sa/ar/urv
551[+] https://mlsd.gov.sa//query/e3nh
552[+] https://sd.mlsd.gov.sa/ar/urv
553[+] https://sd.mlsd.gov.sa/ar/urv
554[+] https://sd.mlsd.gov.sa/ar/urv
555[+] https://mlsd.gov.sa//query/check-beneficiary-status
556[+] https://sd.mlsd.gov.sa/ar/urv
557[+] https://mlsd.gov.sa/ar/nitaqat
558[+] https://sd.mlsd.gov.sa/ar/urv
559[+] https://mlsd.gov.sa/ar/nitaqat
560[+] https://sd.mlsd.gov.sa/ar/urv
561[+] https://sd.mlsd.gov.sa/ar/urv
562[+] https://sd.mlsd.gov.sa/ar/urv
563[+] https://sd.mlsd.gov.sa/ar/urv
564[+] https://sd.mlsd.gov.sa/ar/urv
565[+] https://sd.mlsd.gov.sa/ar/urv
566[+] https://sd.mlsd.gov.sa/ar/urv
567[+] https://sd.mlsd.gov.sa/ar/urv
568[+] https://sd.mlsd.gov.sa/ar/urv
569[+] https://mlsd.gov.sa/ar/urv
570[+] https://sd.mlsd.gov.sa/ar/urv
571[+] https://sd.mlsd.gov.sa/ar/urv
572[+] https://sd.mlsd.gov.sa/ar/urv
573[+] https://sd.mlsd.gov.sa/ar/urv
574[+] https://sd.mlsd.gov.sa/ar/urv
575[+] https://sd.mlsd.gov.sa/ar/urv
576[+] https://sd.mlsd.gov.sa/ar/urv
577[+] https://sd.mlsd.gov.sa/ar/urv
578[+] https://sd.mlsd.gov.sa/ar/urv
579[+] https://sd.mlsd.gov.sa/ar/urv
580[+] https://mlsd.gov.sa//Non
581[+] https://sd.mlsd.gov.sa/ar/urv
582[+] https://mlsd.gov.sa//Non
583[+] https://sd.mlsd.gov.sa/ar/urv
584[+] https://sd.mlsd.gov.sa/ar/urv
585[+] https://sd.mlsd.gov.sa/ar/urv
586[+] https://sd.mlsd.gov.sa/ar/urv
587[+] https://sd.mlsd.gov.sa/ar/urv
588[+] https://sd.mlsd.gov.sa/ar/urv
589[+] https://sd.mlsd.gov.sa/ar/urv
--------------------------------------------------
[!] 114 External links Discovered
--------------------------------------------------
[#] Mapping Subdomain..
[!] Found 106 Subdomain
--------------------------------------------------
[!] Done At 2019-08-06 13:45:53.903951
#######################################################################################################################################
[i] Scanning Site: https://mlsd.gov.sa

B A S I C I N F O
====================

[+] Site Title: وزارة العمل والتنمية الاجتماعية
[+] IP address: 94.97.248.201
[+] Web Server: Apache
[+] CMS: Drupal
[+] Cloudflare: Not Detected
[+] Robots File: Found

-------------[ contents ]----------------
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites like Yahoo!
# and Google. By telling these "robots" where not to go on your site,
# you save bandwidth and server resources.
#
# This file will be ignored unless it is at the root of your host:
# Used: http://example.com/robots.txt
# Ignored: http://example.com/site/robots.txt
#
# For more information about the robots.txt standard, see:
# http://www.robotstxt.org/robotstxt.html

User-agent: *
Crawl-delay: 10
# CSS, JS, Images
Allow: /misc/*.css$
Allow: /misc/*.css?
Allow: /misc/*.js$
Allow: /misc/*.js?
Allow: /misc/*.gif
Allow: /misc/*.jpg
Allow: /misc/*.jpeg
Allow: /misc/*.png
Allow: /modules/*.css$
Allow: /modules/*.css?
Allow: /modules/*.js$
Allow: /modules/*.js?
Allow: /modules/*.gif
Allow: /modules/*.jpg
Allow: /modules/*.jpeg
Allow: /modules/*.png
Allow: /profiles/*.css$
Allow: /profiles/*.css?
Allow: /profiles/*.js$
Allow: /profiles/*.js?
Allow: /profiles/*.gif
Allow: /profiles/*.jpg
Allow: /profiles/*.jpeg
Allow: /profiles/*.png
Allow: /themes/*.css$
Allow: /themes/*.css?
Allow: /themes/*.js$
Allow: /themes/*.js?
Allow: /themes/*.gif
Allow: /themes/*.jpg
Allow: /themes/*.jpeg
Allow: /themes/*.png

# Files
Disallow: /CHANGELOG.txt
Disallow: /cron.php
Disallow: /INSTALL.mysql.txt
Disallow: /INSTALL.pgsql.txt
Disallow: /INSTALL.sqlite.txt
Disallow: /install.php
Disallow: /INSTALL.txt
Disallow: /LICENSE.txt
Disallow: /MAINTAINERS.txt
Disallow: /update.php
Disallow: /UPGRADE.txt
Disallow: /xmlrpc.php
# Paths (clean URLs)
Disallow: /admin/
Disallow: /comment/reply/
Disallow: /filter/tips/
Disallow: /node/add/
Disallow: /search/
Disallow: /user/register/
Disallow: /user/password/
Disallow: /user/login/
Disallow: /user/logout/
# Paths (no clean URLs)
Disallow: /?q=admin/
Disallow: /?q=comment/reply/
Disallow: /?q=filter/tips/
Disallow: /?q=node/add/
Disallow: /?q=search/
Disallow: /?q=user/password/
Disallow: /?q=user/register/
Disallow: /?q=user/login/
Disallow: /?q=user/logout/

-----------[end of contents]-------------

G E O I P L O O K U P
=========================

[i] IP Address: 94.97.248.201
[i] Country: Saudi Arabia
[i] State: Eastern Province
[i] City: Dammam
[i] Latitude: 26.4336
[i] Longitude: 50.1116

H T T P H E A D E R S
=======================

[i] HTTP/1.1 200 OK
[i] Content-Type: text/html; charset=utf-8
[i] Connection: close
[i] Date: Tue, 06 Aug 2019 17:46:17 GMT
[i] Server: Apache
[i] X-Drupal-Cache: HIT
[i] Etag: "1565112901-0"
[i] X-XSS-Protection: 1; mode=block
[i] X-Content-Type-Options: nosniff
[i] X-Frame-Options: SameOrigin
[i] Strict-Transport-Security: max-age=63072000; includeSubDomains
[i] Content-Language: ar
[i] Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
[i] Expires: Sun, 19 Nov 1978 05:00:00 GMT
[i] Vary: Cookie,Accept-Encoding
[i] Set-Cookie: LIPICINX=02c21cd651-ca25-42pSiroMvKkV0cki9kw1NI0pZnuHBjelzOJ6xt4Cc5j4CVGpVgDIOWSBOjdvsFW_HPRtE; path=/

D N S L O O K U P
===================

mlsd.gov.sa. 499 IN NS ns01.mlsd.gov.sa.
mlsd.gov.sa. 499 IN NS ns02.mlsd.gov.sa.
mlsd.gov.sa. 29 IN A 94.97.248.201
mlsd.gov.sa. 29 IN MX 10 smtp8.mlsd.gov.sa.
mlsd.gov.sa. 29 IN MX 10 smtp9.mlsd.gov.sa.
mlsd.gov.sa. 29 IN TXT "v=spf1 ip4:78.93.30.230 ip4:78.93.30.231 ip4:91.221.22.4 ip4:91.221.22.16 ip4:185.63.233.34 ip4:185.63.233.35 ip4:94.97.248.213 ip4:94.97.248.214 ip4:185.118.120.31 -all"
mlsd.gov.sa. 29 IN TXT "MS=ms66990838"
mlsd.gov.sa. 29 IN TXT "yZRWtfyv"
mlsd.gov.sa. 499 IN SOA ns01.mlsd.gov.sa. hostmaster.ns01.mlsd.gov.sa. 2019073148 10800 3600 604800 86400

S U B N E T C A L C U L A T I O N
====================================

Address = 94.97.248.201
Network = 94.97.248.201 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 94.97.248.201 - 94.97.248.201 }

N M A P P O R T S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-06 17:46 UTC
Nmap scan report for mlsd.gov.sa (94.97.248.201)
Host is up (0.17s latency).

PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   closed   ssh
23/tcp   closed   telnet
80/tcp   open     http
110/tcp  closed   pop3
143/tcp  closed   imap
443/tcp  open     https
3389/tcp closed   ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 2.79 seconds

S U B - D O M A I N F I N D E R
==================================

[i] Total Subdomains Found : 105
1213
1214[+] Subdomain: sip2-gw.ismaani.mlsd.gov.sa
1215[-] IP: 86.60.120.250
1216
1217[+] Subdomain: sip-gw.ismaani.mlsd.gov.sa
1218[-] IP: 86.60.120.246
1219
1220[+] Subdomain: relay.ismaani.mlsd.gov.sa
1221[-] IP: 86.60.120.247
1222
1223[+] Subdomain: stg-relay.ismaani.mlsd.gov.sa
1224[-] IP: 86.60.120.253
1225
1226[+] Subdomain: mowazi.mlsd.gov.sa
1227[-] IP: 94.97.248.207
1228
1229[+] Subdomain: external.mlsd.gov.sa
1230[-] IP: 91.213.213.145
1231
1232[+] Subdomain: portal.mlsd.gov.sa
1233[-] IP: 91.221.23.14
1234
1235[+] Subdomain: webportal.mlsd.gov.sa
1236[-] IP: 78.93.30.236
1237
1238[+] Subdomain: webmail.mlsd.gov.sa
1239[-] IP: 91.213.213.31
1240
1241[+] Subdomain: tamam.mlsd.gov.sa
1242[-] IP: 37.224.16.78
1243
1244[+] Subdomain: apm.mlsd.gov.sa
1245[-] IP: 91.213.213.65
1246
1247[+] Subdomain: rasdcrm.mlsd.gov.sa
1248[-] IP: 91.213.213.23
1249
1250[+] Subdomain: makeen.mlsd.gov.sa
1251[-] IP: 94.97.248.208
1252
1253[+] Subdomain: dialin.mlsd.gov.sa
1254[-] IP: 91.213.213.145
1255
1256[+] Subdomain: evaluation.mlsd.gov.sa
1257[-] IP: 78.93.30.241
1258
1259[+] Subdomain: pmo.mlsd.gov.sa
1260[-] IP: 94.97.248.215
1261
1262[+] Subdomain: dp.mlsd.gov.sa
1263[-] IP: 94.97.248.217
1264
1265[+] Subdomain: sip.mlsd.gov.sa
1266[-] IP: 86.60.120.245
1267
1268[+] Subdomain: marketdashboard.wip.mlsd.gov.sa
1269[-] IP: 37.224.16.68
1270
1271[+] Subdomain: sd.wip.mlsd.gov.sa
1272[-] IP: 86.60.120.241
1273
1274[+] Subdomain: wesal.wip.mlsd.gov.sa
1275[-] IP: 86.60.120.240
1276
1277[+] Subdomain: mail.wip.mlsd.gov.sa
1278[-] IP: 94.97.248.203
1279
1280[+] Subdomain: epm.wip.mlsd.gov.sa
1281[-] IP: 86.60.120.232
1282
1283[+] Subdomain: watheeq.wip.mlsd.gov.sa
1284[-] IP: 94.97.248.220
1285
1286[+] Subdomain: eservices.wip.mlsd.gov.sa
1287[-] IP: 86.60.120.233
1288
1289[+] Subdomain: sd-eservices.wip.mlsd.gov.sa
1290[-] IP: 37.224.16.70
1291
1292[+] Subdomain: laborpolicies.wip.mlsd.gov.sa
1293[-] IP: 37.224.16.69
1294
1295[+] Subdomain: webportalstat.wip.mlsd.gov.sa
1296[-] IP: 37.224.16.71
1297
1298[+] Subdomain: lyncdiscover.mlsd.gov.sa
1299[-] IP: 91.213.213.145
1300
1301[+] Subdomain: autodiscover.mlsd.gov.sa
1302[-] IP: 94.97.248.203
1303
1304[+] Subdomain: ces.mlsd.gov.sa
1305[-] IP: 37.224.16.79
1306
1307[+] Subdomain: ims.mlsd.gov.sa
1308[-] IP: 185.118.120.86
1309
1310[+] Subdomain: smtp8.ims.mlsd.gov.sa
1311[-] IP: 94.97.248.213
1312
1313[+] Subdomain: smtp9.ims.mlsd.gov.sa
1314[-] IP: 94.97.248.214
1315
1316[+] Subdomain: www.ims.mlsd.gov.sa
1317[-] IP: 185.118.120.86
1318
1319[+] Subdomain: access.mlsd.gov.sa
1320[-] IP: 37.224.16.81
1321
1322[+] Subdomain: accounts.mlsd.gov.sa
1323[-] IP: 185.118.120.172
1324
1325[+] Subdomain: sts.mlsd.gov.sa
1326[-] IP: 91.213.213.33
1327
1328[+] Subdomain: meet.mlsd.gov.sa
1329[-] IP: 91.213.213.145
1330
1331[+] Subdomain: www.mlsd.gov.sa
1332[-] IP: 94.97.248.201
#######################################################################################################################################
Trying "mlsd.gov.sa"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28463
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;mlsd.gov.sa. IN ANY

;; ANSWER SECTION:
mlsd.gov.sa. 500 IN SOA ns01.mlsd.gov.sa. hostmaster.ns01.mlsd.gov.sa. 2019073148 10800 3600 604800 86400
mlsd.gov.sa. 30 IN TXT "v=spf1 ip4:78.93.30.230 ip4:78.93.30.231 ip4:91.221.22.4 ip4:91.221.22.16 ip4:185.63.233.34 ip4:185.63.233.35 ip4:94.97.248.213 ip4:94.97.248.214 ip4:185.118.120.31 -all"
mlsd.gov.sa. 30 IN TXT "MS=ms66990838"
mlsd.gov.sa. 30 IN TXT "yZRWtfyv"
mlsd.gov.sa. 30 IN MX 10 smtp9.mlsd.gov.sa.
mlsd.gov.sa. 30 IN MX 10 smtp8.mlsd.gov.sa.
mlsd.gov.sa. 30 IN A 94.97.248.201
mlsd.gov.sa. 500 IN NS ns02.mlsd.gov.sa.
mlsd.gov.sa. 500 IN NS ns01.mlsd.gov.sa.

;; AUTHORITY SECTION:
mlsd.gov.sa. 500 IN NS ns02.mlsd.gov.sa.
mlsd.gov.sa. 500 IN NS ns01.mlsd.gov.sa.

Received 431 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 765 ms
#######################################################################################################################################
; <<>> DiG 9.11.5-P4-5.1-Debian <<>> +trace mlsd.gov.sa
;; global options: +cmd
. 79909 IN NS l.root-servers.net.
. 79909 IN NS a.root-servers.net.
. 79909 IN NS m.root-servers.net.
. 79909 IN NS b.root-servers.net.
. 79909 IN NS i.root-servers.net.
. 79909 IN NS j.root-servers.net.
. 79909 IN NS h.root-servers.net.
. 79909 IN NS d.root-servers.net.
. 79909 IN NS e.root-servers.net.
. 79909 IN NS c.root-servers.net.
. 79909 IN NS k.root-servers.net.
. 79909 IN NS g.root-servers.net.
. 79909 IN NS f.root-servers.net.
;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 269 ms

sa. 172800 IN NS i.nic.net.sa.
sa. 172800 IN NS n.nic.net.sa.
sa. 172800 IN NS p.nic.net.sa.
sa. 172800 IN NS s.nic.net.sa.
sa. 172800 IN NS s2.nic.net.sa.
sa. 172800 IN NS ns1.nic.net.sa.
sa. 172800 IN NS ns2.nic.net.sa.
sa. 86400 IN DS 30574 8 2 02FC3370C8453439627440B913A8C0A6A4698F9E503F6BBB553D75D7 7E34367E
;; Received 808 bytes from 192.5.5.241#53(f.root-servers.net) in 340 ms

mlsd.gov.sa. 3600 IN NS ns03.tamkeentech.sa.
mlsd.gov.sa. 3600 IN NS ns04.tamkeentech.sa.
;; Received 853 bytes from 2001:67c:130:410::9#53(ns1.nic.net.sa) in 193 ms

mlsd.gov.sa. 30 IN A 94.97.248.201
mlsd.gov.sa. 500 IN NS ns01.mlsd.gov.sa.
mlsd.gov.sa. 500 IN NS ns02.mlsd.gov.sa.
;; Received 126 bytes from 185.118.120.10#53(ns03.tamkeentech.sa) in 413 ms
#######################################################################################################################################
[*] Performing General Enumeration of Domain: mlsd.gov.sa
[-] DNSSEC is not configured for mlsd.gov.sa
[*] SOA ns01.mlsd.gov.sa 185.118.120.10
[*] NS ns01.mlsd.gov.sa 185.118.120.10
[*] NS ns02.mlsd.gov.sa 185.118.121.10
[*] MX smtp9.mlsd.gov.sa 94.97.248.214
[*] MX smtp8.mlsd.gov.sa 94.97.248.213
[*] A mlsd.gov.sa 94.97.248.201
[*] TXT mlsd.gov.sa yZRWtfyv
[*] TXT mlsd.gov.sa v=spf1 ip4:78.93.30.230 ip4:78.93.30.231 ip4:91.221.22.4 ip4:91.221.22.16 ip4:185.63.233.34 ip4:185.63.233.35 ip4:94.97.248.213 ip4:94.97.248.214 ip4:185.118.120.31 -all
[*] TXT mlsd.gov.sa MS=ms66990838
[*] Enumerating SRV Records
[*] SRV _sips._tcp.mlsd.gov.sa expwye2.mlsd.gov.sa 46.49.138.8 5061 10
[*] SRV _sip._tcp.mlsd.gov.sa expwye2.mlsd.gov.sa 46.49.138.8 5060 10
[*] SRV _h323cs._tcp.mlsd.gov.sa expwye2.mlsd.gov.sa 46.49.138.8 1720 10
[*] SRV _sipfederationtls._tcp.mlsd.gov.sa access.mlsd.gov.sa.mlsd.gov.sa no_ip 5061 10
[*] SRV _sip._tls.mlsd.gov.sa access.mlsd.gov.sa.mlsd.gov.sa no_ip 443 10
[+] 5 Records Found
#######################################################################################################################################
 AVAILABLE PLUGINS
 -----------------

 OpenSslCipherSuitesPlugin
 CertificateInfoPlugin
 HeartbleedPlugin
 SessionRenegotiationPlugin
 CompressionPlugin
 HttpHeadersPlugin
 SessionResumptionPlugin
 OpenSslCcsInjectionPlugin
 FallbackScsvPlugin
 RobotPlugin
 EarlyDataPlugin



 CHECKING HOST(S) AVAILABILITY
 -----------------------------

 94.97.248.201:443 => 94.97.248.201




 SCAN RESULTS FOR 94.97.248.201:443 - 94.97.248.201
 --------------------------------------------------

 * Certificate Information:
 Content
 SHA1 Fingerprint: 6ceadf25bb684d940ebbae8949796b6a7ec7dc0f
 Common Name: mlsd.gov.sa
 Issuer: Thawte RSA CA 2018
 Serial Number: 4752646662746796576523987093031996842
 Not Before: 2019-05-08 00:00:00
 Not After: 2020-05-07 12:00:00
 Signature Algorithm: sha256
 Public Key Algorithm: RSA
 Key Size: 2048
 Exponent: 65537 (0x10001)
 DNS Subject Alternative Names: ['mlsd.gov.sa', 'www.mlsd.gov.sa', 'sd.mlsd.gov.sa']

 Trust
 Hostname Validation: FAILED - Certificate does NOT match 94.97.248.201
 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
 iOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
 Java CA Store (jdk-11.0.2): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
 macOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
 Mozilla CA Store (2018-11-22): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
 OPENJDK CA Store (jdk-11.0.2): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
 Windows CA Store (2018-12-08): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
 Received Chain: mlsd.gov.sa
 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
 Received Chain Order: OK - Order is valid
 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)

 Extensions
 OCSP Must-Staple: NOT SUPPORTED - Extension not found
 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more

 OCSP Stapling
 NOT SUPPORTED - Server did not send back an OCSP response

 * OpenSSL Heartbleed:
 OK - Not vulnerable to Heartbleed

 * TLSV1_1 Cipher Suites:
 Server rejected all cipher suites.

 * TLS 1.2 Session Resumption Support:
 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
 With TLS Tickets: OK - Supported

 * TLSV1 Cipher Suites:
 Server rejected all cipher suites.

 * TLSV1_2 Cipher Suites:
 Forward Secrecy INSECURE - Not Supported
 RC4 OK - Not Supported

 Preferred:
 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
 Accepted:
 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK

 * Deflate Compression:
 OK - Compression disabled

 * SSLV2 Cipher Suites:
 Server rejected all cipher suites.

 * OpenSSL CCS Injection:
 OK - Not vulnerable to OpenSSL CCS injection

 * SSLV3 Cipher Suites:
 Server rejected all cipher suites.

 * Downgrade Attacks:
 TLS_FALLBACK_SCSV: OK - Supported

 * Session Renegotiation:
 Client-initiated Renegotiation: OK - Rejected
 Secure Renegotiation: OK - Supported

 * TLSV1_3 Cipher Suites:
 Server rejected all cipher suites.

 * ROBOT Attack:
 OK - Not vulnerable


 SCAN COMPLETED IN 33.97 S
 -------------------------
#######################################################################################################################################
Domains still to check: 1
 Checking if the hostname mlsd.gov.sa. given is in fact a domain...

Analyzing domain: mlsd.gov.sa.
 Checking NameServers using system default resolver...
 IP: 185.118.120.10 (Saudi Arabia)
 HostName: ns01.mlsd.gov.sa Type: NS
 HostName: ns01.mnar.sa Type: PTR
 IP: 185.118.121.10 (Saudi Arabia)
 HostName: ns02.mlsd.gov.sa Type: NS
 HostName: ns04.tamkeentech.sa Type: PTR

 Checking MailServers using system default resolver...
 IP: 94.97.248.213 (Saudi Arabia)
 HostName: smtp8.mlsd.gov.sa Type: MX
 HostName: stc-mgw-01.mlsd.gov.sa Type: PTR
 IP: 94.97.248.214 (Saudi Arabia)
 HostName: smtp9.mlsd.gov.sa Type: MX
 HostName: stc-mgw-02.mlsd.gov.sa Type: PTR

 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
^C No zone transfer found on nameserver 185.118.120.10

^C No zone transfer found on nameserver 185.118.121.10

 Checking SPF record...
 New IP found: 78.93.30.230
 New IP found: 78.93.30.231
 New IP found: 91.221.22.4
 New IP found: 91.221.22.16
 New IP found: 185.63.233.34
 New IP found: 185.63.233.35
 New IP found: 185.118.120.31

 Checking 192 most common hostnames using system default resolver...
 IP: 94.97.248.201 (Saudi Arabia)
 HostName: www.mlsd.gov.sa. Type: A
 IP: 94.97.248.203 (Saudi Arabia)
 HostName: mail.mlsd.gov.sa. Type: A
 IP: 91.213.213.31 (Saudi Arabia)
 HostName: webmail.mlsd.gov.sa. Type: A

 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
 Checking netblock 91.221.22.0
 Checking netblock 91.213.213.0
 Checking netblock 185.118.120.0
 Checking netblock 94.97.248.0
 Checking netblock 78.93.30.0
 Checking netblock 185.63.233.0
 Checking netblock 185.118.121.0

 Searching for mlsd.gov.sa. emails in Google
 gdsa_ry@mlsd.gov.sa.
 alwazeer@mlsd.gov.sa.
 talmadani@mlsd.gov.sa.
 info@mlsd.gov.sa.
 info@mlsd.gov.sa&

 Checking 14 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
 Host 91.221.22.16 is up (reset ttl 64)
 Host 91.213.213.31 is up (reset ttl 64)
 Host 185.118.120.10 is up (reset ttl 64)
 Host 94.97.248.214 is up (reset ttl 64)
 Host 78.93.30.231 is up (reset ttl 64)
 Host 78.93.30.230 is up (reset ttl 64)
 Host 94.97.248.213 is up (reset ttl 64)
 Host 185.118.120.31 is up (reset ttl 64)
 Host 91.221.22.4 is up (reset ttl 64)
 Host 185.63.233.35 is up (reset ttl 64)
 Host 185.63.233.34 is up (reset ttl 64)
 Host 185.118.121.10 is up (reset ttl 64)
 Host 94.97.248.201 is up (reset ttl 64)
 Host 94.97.248.203 is up (reset ttl 64)

 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
 Scanning ip 91.221.22.16 ():
 Scanning ip 91.213.213.31 (webmail.mlsd.gov.sa.):
 80/tcp open http-proxy syn-ack ttl 237 F5 BIG-IP load balancer http proxy
 | http-methods:
 |_ Supported Methods: GET HEAD POST OPTIONS
 |_http-open-proxy: Proxy might be redirecting requests
 |_http-server-header: BigIP
 |_http-title: Did not follow redirect to https://91.213.213.31/
 443/tcp open ssl/https syn-ack ttl 239 BigIP
 | fingerprint-strings:
 | FourOhFourRequest:
 | HTTP/1.0 302 Found
 | Server: BigIP
 | Cache-Control: no-cache, no-store
 | Connection: Close
 | Content-Length: 0
 | Location: /vdesk/hangup.php3
 | Set-Cookie: LastMRH_Session=8375507b;path=/;secure
 | Set-Cookie: MRHSession=42c9469e89c009cfde233e518375507b;path=/;secure
 | GetRequest:
 | HTTP/1.0 302 Found
 | Server: BigIP
 | Cache-Control: no-cache, no-store
 | Connection: Close
 | Content-Length: 0
 | Location: /vdesk/hangup.php3
 | Set-Cookie: LastMRH_Session=014a8174;path=/;secure
 | Set-Cookie: MRHSession=897f943f7ba3d353c2110651014a8174;path=/;secure
 | HTTPOptions:
 | HTTP/1.1 404 Not Found
 | Server: BigIP
 | Content-Type: text/html; charset=utf-8
 | X-XSS-Protection: 1; mode=block
 | X-Frame-Options: DENY
 | Accept-Ranges: bytes
 | Connection: close
 | Date: Tue, 06 Aug 2019 17:58:53 GMT
 | Age: 5072
 | Content-Length: 3307
 | <html>
 | <head>
 | <title>BIG-IP - Error Page</title>
 | <link rel="stylesheet" type="text/css" HREF="/public/include/css/apm.css">
 | <script src="/public/include/js/common.js" language="javascript"></script>
 | <script src="/public/include/js/agent_common.js" language="javascript"></script>
 | <script language="javascript">
 | function OnLoad()
 | display_session = get_cookie("LastMRH_Session");
 | if(null != display_session) {
 | document.getElementById("sessionDIV").innerHTML = '<BR>' + "The session reference number:" + ' ' + display_session + '<BR>';
 |_ document.getElementById("sess
 | http-methods:
 |_ Supported Methods: GET
 |_http-server-header: BigIP
 |_http-trane-info: Problem with XML parsing of /evox/about
 | ssl-cert: Subject: commonName=mail.mlsd.gov.sa/organizationName=Ministry Of Labor/countryName=SA
 | Subject Alternative Name: DNS:mail.mlsd.gov.sa, DNS:autodiscover.mlsd.gov.sa, DNS:smtp.mlsd.gov.sa, DNS:webmail.mlsd.gov.sa
 | Issuer: commonName=Thawte RSA CA 2018/organizationName=DigiCert Inc/countryName=US
 | Public Key type: rsa
 | Public Key bits: 2048
 | Signature Algorithm: sha256WithRSAEncryption
 | Not valid before: 2018-09-27T00:00:00
 | Not valid after: 2019-09-27T12:00:00
 | MD5: afde bd7c cd7e ffa3 1376 e6b2 1b2f 3e7d
 |_SHA-1: e987 0cbc 27da 9b4b 0746 8028 842a 25db eb45 7130
 |_ssl-date: TLS randomness does not represent time
 OS Info: Service Info: Device: load balancer
 Scanning ip 185.118.120.10 (ns01.mnar.sa (PTR)):
 53/tcp open domain? syn-ack ttl 241
 Scanning ip 94.97.248.214 (stc-mgw-02.mlsd.gov.sa (PTR)):
 Device type: load balancer|general purpose|firewall|storage-misc
 Running (JUST GUESSING): F5 Networks TMOS 11.4.X|11.6.X (94%), Sun Solaris 8|10|9 (91%), F5 Networks embedded (91%), Sun OpenSolaris (91%), Sun embedded (91%), FreeBSD 8.X (91%)
 Scanning ip 78.93.30.231 ():
 Scanning ip 78.93.30.230 ():
 Scanning ip 94.97.248.213 (stc-mgw-01.mlsd.gov.sa (PTR)):
 Running: F5 Networks TMOS 11.4.X|11.6.X
 Scanning ip 185.118.120.31 ():
 Scanning ip 91.221.22.4 ():
 Scanning ip 185.63.233.35 ():
 Scanning ip 185.63.233.34 ():
 Scanning ip 185.118.121.10 (ns04.tamkeentech.sa (PTR)):
 53/tcp open domain? syn-ack ttl 244
 Scanning ip 94.97.248.201 (www.mlsd.gov.sa.):
 80/tcp open http syn-ack ttl 114
 | fingerprint-strings:
 | FourOhFourRequest:
 | HTTP/1.1 302 Found
 | Location: https:///nice%20ports%2C/Tri%6Eity.txt%2ebak
 | Connection: close
 | GetRequest, HTTPOptions:
 | HTTP/1.1 302 Found
 | Location: https:///
 |_ Connection: close
 | http-methods:
 |_ Supported Methods: GET HEAD POST OPTIONS
 |_http-title: Did not follow redirect to https://94.97.248.201/
 443/tcp open ssl/http syn-ack ttl 45 Apache httpd
 |_http-favicon: Unknown favicon MD5: 57266CBE410BEAB6BDEAC8E53B010FB5
 | http-methods:
 |_ Supported Methods: GET HEAD POST OPTIONS
 | http-robots.txt: 30 disallowed entries (15 shown)
 | /CHANGELOG.txt /cron.php /INSTALL.mysql.txt
 | /INSTALL.pgsql.txt /INSTALL.sqlite.txt /install.php /INSTALL.txt
 | /LICENSE.txt /MAINTAINERS.txt /update.php /UPGRADE.txt /xmlrpc.php
 |_/admin/ /comment/reply/ /filter/tips/
 |_http-server-header: Apache
 |_http-title: \xD9\x88\xD8\xB2\xD8\xA7\xD8\xB1\xD8\xA9 \xD8\xA7\xD9\x84\xD8\xB9\xD9\x85\xD9\x84 \xD9\x88\xD8\xA7\xD9\x84\xD8\xAA\xD9\x86\xD9\x85\xD9\x8A\xD8\xA9 \xD8\xA7\xD9\x84\xD8\xA7\xD8\xAC\xD8\xAA\xD9\x85\xD8\xA7\xD8\xB9\xD9\x8A\xD8\xA9
 | ssl-cert: Subject: commonName=mlsd.gov.sa/organizationName=Ministry Of Labor/countryName=SA
 | Subject Alternative Name: DNS:mlsd.gov.sa, DNS:www.mlsd.gov.sa, DNS:sd.mlsd.gov.sa
 | Issuer: commonName=Thawte RSA CA 2018/organizationName=DigiCert Inc/countryName=US
 | Public Key type: rsa
 | Public Key bits: 2048
 | Signature Algorithm: sha256WithRSAEncryption
 | Not valid before: 2019-05-08T00:00:00
 | Not valid after: 2020-05-07T12:00:00
 | MD5: f7d8 1665 88c5 c58f a02d 117a f5b2 4546
 |_SHA-1: 6cea df25 bb68 4d94 0ebb ae89 4979 6b6a 7ec7 dc0f
 |_ssl-date: TLS randomness does not represent time
 | tls-alpn:
 |_ http/1.1
 | tls-nextprotoneg:
 |_ http/1.1
 Scanning ip 94.97.248.203 (mail.mlsd.gov.sa.):
 Device type: firewall|load balancer
 Running: F5 Networks TMOS 11.4.X|11.6.X
 WebCrawling domain's web servers... up to 50 max links.

 + URL to crawl: http://webmail.mlsd.gov.sa.
 + Date: 2019-08-06

 + Crawling URL: http://webmail.mlsd.gov.sa.:
 + Links:
 + Crawling http://webmail.mlsd.gov.sa. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
 + Searching for directories...
 + Searching open folders...


 + URL to crawl: http://webmail.mlsd.gov.sa.:443
 + Date: 2019-08-06

 + Crawling URL: http://webmail.mlsd.gov.sa.:443:
 + Links:
 + Crawling http://webmail.mlsd.gov.sa.:443
 + Searching for directories...
 + Searching open folders...


 + URL to crawl: http://www.mlsd.gov.sa.
 + Date: 2019-08-06

 + Crawling URL: http://www.mlsd.gov.sa.:
 + Links:
 + Crawling http://www.mlsd.gov.sa. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
 + Searching for directories...
 + Searching open folders...


 + URL to crawl: https://www.mlsd.gov.sa.
 + Date: 2019-08-06

 + Crawling URL: https://www.mlsd.gov.sa.:
 + Links:
 + Crawling https://www.mlsd.gov.sa. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
 + Searching for directories...
 + Searching open folders...

--Finished--
Summary information for domain mlsd.gov.sa.
-----------------------------------------
 Domain Specific Information:
 Email: gdsa_ry@mlsd.gov.sa.
 Email: alwazeer@mlsd.gov.sa.
 Email: talmadani@mlsd.gov.sa.
 Email: info@mlsd.gov.sa.
 Email: info@mlsd.gov.sa&

 Domain Ips Information:
 IP: 91.221.22.16
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 91.213.213.31
 HostName: webmail.mlsd.gov.sa. Type: A
 Country: Saudi Arabia
 Is Active: True (reset ttl 64)
 Port: 80/tcp open http-proxy syn-ack ttl 237 F5 BIG-IP load balancer http proxy
 Port: 443/tcp open ssl/https syn-ack ttl 239 BigIP
 Os Info: Device: load balancer
 IP: 185.118.120.10
 HostName: ns01.mlsd.gov.sa Type: NS
 HostName: ns01.mnar.sa Type: PTR
 Country: Saudi Arabia
 Is Active: True (reset ttl 64)
 Port: 53/tcp open domain? syn-ack ttl 241
 IP: 94.97.248.214
 HostName: smtp9.mlsd.gov.sa Type: MX
 HostName: stc-mgw-02.mlsd.gov.sa Type: PTR
 Type: SPF
 Country: Saudi Arabia
 Is Active: True (reset ttl 64)
 Script Info: Device type: load balancer|general purpose|firewall|storage-misc
 Script Info: Running (JUST GUESSING): F5 Networks TMOS 11.4.X|11.6.X (94%), Sun Solaris 8|10|9 (91%), F5 Networks embedded (91%), Sun OpenSolaris (91%), Sun embedded (91%), FreeBSD 8.X (91%)
 IP: 78.93.30.231
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 78.93.30.230
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 94.97.248.213
 HostName: smtp8.mlsd.gov.sa Type: MX
 HostName: stc-mgw-01.mlsd.gov.sa Type: PTR
 Type: SPF
 Country: Saudi Arabia
 Is Active: True (reset ttl 64)
 Script Info: Running: F5 Networks TMOS 11.4.X|11.6.X
 IP: 185.118.120.31
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 91.221.22.4
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 185.63.233.35
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 185.63.233.34
 Type: SPF
 Is Active: True (reset ttl 64)
 IP: 185.118.121.10
 HostName: ns02.mlsd.gov.sa Type: NS
 HostName: ns04.tamkeentech.sa Type: PTR
 Country: Saudi Arabia
 Is Active: True (reset ttl 64)
 Port: 53/tcp open domain? syn-ack ttl 244
 IP: 94.97.248.201
 HostName: www.mlsd.gov.sa. Type: A
 Country: Saudi Arabia
 Is Active: True (reset ttl 64)
 Port: 80/tcp open http syn-ack ttl 114
1914 Script Info: | fingerprint-strings:
1915 Script Info: | FourOhFourRequest:
1916 Script Info: | HTTP/1.1 302 Found
1917 Script Info: | Location: https:///nice%20ports%2C/Tri%6Eity.txt%2ebak
1918 Script Info: | Connection: close
1919 Script Info: | GetRequest, HTTPOptions:
1920 Script Info: | HTTP/1.1 302 Found
1921 Script Info: | Location: https:///
1922 Script Info: |_ Connection: close
1923 Script Info: | http-methods:
1924 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1925 Script Info: |_http-title: Did not follow redirect to https://94.97.248.201/
1926 Port: 443/tcp open ssl/http syn-ack ttl 45 Apache httpd
1927 Script Info: |_http-favicon: Unknown favicon MD5: 57266CBE410BEAB6BDEAC8E53B010FB5
1928 Script Info: | http-methods:
1929 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1930 Script Info: | http-robots.txt: 30 disallowed entries (15 shown)
1931 Script Info: | /CHANGELOG.txt /cron.php /INSTALL.mysql.txt
1932 Script Info: | /INSTALL.pgsql.txt /INSTALL.sqlite.txt /install.php /INSTALL.txt
1933 Script Info: | /LICENSE.txt /MAINTAINERS.txt /update.php /UPGRADE.txt /xmlrpc.php
1934 Script Info: |_/admin/ /comment/reply/ /filter/tips/
1935 Script Info: |_http-server-header: Apache
1936 Script Info: |_http-title: \xD9\x88\xD8\xB2\xD8\xA7\xD8\xB1\xD8\xA9 \xD8\xA7\xD9\x84\xD8\xB9\xD9\x85\xD9\x84 \xD9\x88\xD8\xA7\xD9\x84\xD8\xAA\xD9\x86\xD9\x85\xD9\x8A\xD8\xA9 \xD8\xA7\xD9\x84\xD8\xA7\xD8\xAC\xD8\xAA\xD9\x85\xD8\xA7\xD8\xB9\xD9\x8A\xD8\xA9
1937 Script Info: | ssl-cert: Subject: commonName=mlsd.gov.sa/organizationName=Ministry Of Labor/countryName=SA
1938 Script Info: | Subject Alternative Name: DNS:mlsd.gov.sa, DNS:www.mlsd.gov.sa, DNS:sd.mlsd.gov.sa
1939 Script Info: | Issuer: commonName=Thawte RSA CA 2018/organizationName=DigiCert Inc/countryName=US
1940 Script Info: | Public Key type: rsa
1941 Script Info: | Public Key bits: 2048
1942 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1943 Script Info: | Not valid before: 2019-05-08T00:00:00
1944 Script Info: | Not valid after: 2020-05-07T12:00:00
1945 Script Info: | MD5: f7d8 1665 88c5 c58f a02d 117a f5b2 4546
1946 Script Info: |_SHA-1: 6cea df25 bb68 4d94 0ebb ae89 4979 6b6a 7ec7 dc0f
1947 Script Info: |_ssl-date: TLS randomness does not represent time
1948 Script Info: | tls-alpn:
1949 Script Info: |_ http/1.1
1950 Script Info: | tls-nextprotoneg:
1951 Script Info: |_ http/1.1
1952 IP: 94.97.248.203
1953 HostName: mail.mlsd.gov.sa. Type: A
1954 Country: Saudi Arabia
1955 Is Active: True (reset ttl 64)
1956 Script Info: Device type: firewall|load balancer
1957 Script Info: Running: F5 Networks TMOS 11.4.X|11.6.X
1958#######################################################################################################################################
1959[INFO] ------TARGET info------
1960[*] TARGET: https://mlsd.gov.sa/
1961[*] TARGET IP: 94.97.248.201
1962[INFO] NO load balancer detected for mlsd.gov.sa...
1963[*] DNS servers: ns01.mlsd.gov.sa.
1964[*] TARGET server:
1965[*] CC: SA
1966[*] Country: Saudi Arabia
1967[*] RegionCode: 01
1968[*] RegionName: Ar Riyāḑ
1969[*] City: Riyadh
1970[*] ASN: AS9044
1971[*] BGP_PREFIX: 64.0.0.0/3
1972[*] ISP: SOLNET BSE Software GmbH, CH
1973[INFO] SSL/HTTPS certificate detected
1974[*] Issuer: issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Thawte RSA CA 2018
1975[*] Subject: subject=C = SA, L = Riyadh, O = Ministry Of Labor, OU = MOL IT, CN = mlsd.gov.sa
1976[INFO] DNS enumeration:
1977[*] admin.mlsd.gov.sa 86.60.120.252 86.60.120.248
1978[*] mail.mlsd.gov.sa mail.wip.mlsd.gov.sa. 94.97.248.203
1979[*] webconf.mlsd.gov.sa 37.224.16.82
1980[*] webmail.mlsd.gov.sa 91.213.213.31
1981[*] webportal.mlsd.gov.sa 78.93.30.236
1982[INFO] Possible abuse mails are:
1983[*] abuse@mlsd.gov.sa
1984[*] abuse@saudi.net.sa
1985[*] registry@saudi.net.sa
1986[*] registry@stc.com.sa
1987[INFO] NO PAC (Proxy Auto Configuration) file FOUND
1988[INFO] Starting FUZZing in http://mlsd.gov.sa/FUzZzZzZzZz...
1989[INFO] Status code Folders
1990[*] 302 http://mlsd.gov.sa/index
1991[*] 302 http://mlsd.gov.sa/images
1992[*] 302 http://mlsd.gov.sa/download
1993[*] 302 http://mlsd.gov.sa/2006
1994[*] 302 http://mlsd.gov.sa/news
1995[*] 302 http://mlsd.gov.sa/crack
1996[*] 302 http://mlsd.gov.sa/serial
1997[*] 302 http://mlsd.gov.sa/warez
1998[*] 302 http://mlsd.gov.sa/full
1999[*] 302 http://mlsd.gov.sa/12
2000[INFO] NO passwords found in source code
2001[INFO] SAME content in http://mlsd.gov.sa/ AND http://94.97.248.201/
2002
2003Recherche mlsd.gov.sa
2004Connexion HTTPS à mlsd.gov.sa
2005
2006lynx : accès impossible au fichier de départ https://mlsd.gov.sa/
2007[INFO] Links found from https://mlsd.gov.sa/:
2008[INFO] GOOGLE has 512,000 results (0.30 seconds) about http://mlsd.gov.sa/
2009[INFO] BING shows 94.97.248.201 is shared with 36 hosts/vhosts
2010[INFO] Shodan detected the following opened ports on 94.97.248.201:
2011[*] 443
2012[*] 80
2013[INFO] ------VirusTotal SECTION------
2014[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
2015[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
2016[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
2017[INFO] ------Alexa Rank SECTION------
2018[INFO] Percent of Visitors Rank in Country:
2019[INFO] Percent of Search Traffic:
2020[INFO] Percent of Unique Visits:
2021[INFO] Total Sites Linking In:
2022[*] Total Sites
2023[INFO] Useful links related to mlsd.gov.sa - 94.97.248.201:
2024[*] https://www.virustotal.com/pt/ip-address/94.97.248.201/information/
2025[*] https://www.hybrid-analysis.com/search?host=94.97.248.201
2026[*] https://www.shodan.io/host/94.97.248.201
2027[*] https://www.senderbase.org/lookup/?search_string=94.97.248.201
2028[*] https://www.alienvault.com/open-threat-exchange/ip/94.97.248.201
2029[*] http://pastebin.com/search?q=94.97.248.201
2030[*] http://urlquery.net/search.php?q=94.97.248.201
2031[*] http://www.alexa.com/siteinfo/mlsd.gov.sa
2032[*] http://www.google.com/safebrowsing/diagnostic?site=mlsd.gov.sa
2033[*] https://censys.io/ipv4/94.97.248.201
2034[*] https://www.abuseipdb.com/check/94.97.248.201
2035[*] https://urlscan.io/search/#94.97.248.201
2036[*] https://github.com/search?q=94.97.248.201&type=Code
2037[INFO] Useful links related to AS9044 - 64.0.0.0/3:
2038[*] http://www.google.com/safebrowsing/diagnostic?site=AS:9044
2039[*] https://www.senderbase.org/lookup/?search_string=64.0.0.0/3
2040[*] http://bgp.he.net/AS9044
2041[*] https://stat.ripe.net/AS9044
2042[INFO] Date: 06/08/19 | Time: 13:39:35
2043[INFO] Total time: 2 minute(s) and 18 second(s)
2044#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-06 13:47 EDT
Nmap scan report for 94.97.248.201
Host is up (0.49s latency).
Not shown: 351 closed ports, 123 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT STATE SERVICE
80/tcp open http
443/tcp open https
2053#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-06 13:47 EDT
Nmap scan report for 94.97.248.201
Host is up (0.38s latency).

PORT STATE SERVICE VERSION
80/tcp open http
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 302 Found
| Location: https:///nice%20ports%2C/Tri%6Eity.txt%2ebak
| Connection: close
| GetRequest, HTTPOptions:
| HTTP/1.1 302 Found
| Location: https:///
|_ Connection: close
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Timing level 5 (Insane) used
No OS matches for host
Network Distance: 14 hops

TRACEROUTE (using port 80/tcp)
HOP RTT ADDRESS
1 197.70 ms 10.248.200.1
2 199.10 ms 213.184.122.97
3 234.10 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 236.74 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
5 235.35 ms bzq-219-189-90.dsl.bezeqint.net (62.219.189.90)
6 294.55 ms ae3.cr6-mrs1.ip4.gtt.net (141.136.96.141)
7 294.59 ms et-1-0-25.cr5-mrs1.ip4.gtt.net (213.200.126.145)
8 ...
9 368.20 ms 212.73.201.170
10 383.19 ms 10.188.195.53
11 443.44 ms 10.188.193.20
12 443.36 ms 10.188.193.41
13 414.06 ms 94.97.246.67
14 412.01 ms 94.97.248.201
2097######################################################################################################################################
2098http://94.97.248.201 [302 Found] Country[SAUDI ARABIA][SA], IP[94.97.248.201], RedirectLocation[https://94.97.248.201/]
2099https://94.97.248.201/ [200 OK] Apache, Content-Language[ar], Cookies[LIPICINX], Country[SAUDI ARABIA][SA], Drupal, HTML5, HTTPServer[Apache], IP[94.97.248.201], JQuery[1.10.2,3.3.1], Script[text/javascript], Strict-Transport-Security[max-age=63072000; includeSubDomains], Title[وزارة العمل والتنمية الاجتماعية], UncommonHeaders[x-drupal-cache,x-content-type-options], X-Frame-Options[SameOrigin], X-UA-Compatible[IE=edge], X-XSS-Protection[1; mode=block]
2100#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-06 13:51 EDT
Nmap scan report for 94.97.248.201
Host is up (0.33s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd
2107| vulscan: VulDB - https://vuldb.com:
2108| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
2109| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
2110| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
2111| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
2112| [134416] Apache Sanselan 0.97-incubator Loop denial of service
2113| [134415] Apache Sanselan 0.97-incubator Hang denial of service
2114| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
2115| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
2116| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
2117| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
2118| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
2119| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
2120| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
2121| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
2122| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
2123| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
2124| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
2125| [133750] Oracle Agile Recipe Management for Pharmaceuticals 9.3.3/9.3.4 Apache Commons FileUpload unknown vulnerability
2126| [133728] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
2127| [133644] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
2128| [133643] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache HTTP Server denial of service
2129| [133640] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Commons FileUpload unknown vulnerability
2130| [133638] Oracle Healthcare Master Person Index 3.0/4.0 Apache Commons FileUpload unknown vulnerability
2131| [133614] Oracle Data Integrator 12.2.1.3.0 Apache Batik unknown vulnerability
2132| [133594] Oracle WebCenter Portal 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
2133| [133591] Oracle JDeveloper 11.1.1.9.0/12.1.3.0.0/12.2.1.3.0 Apache Log4j unknown vulnerability
2134| [133590] Oracle Identity Analytics 11.1.1.5.8 Apache Commons FileUpload unknown vulnerability
2135| [133588] Oracle Endeca Information Discovery Integrator 3.2.0 Apache Commons FileUpload unknown vulnerability
2136| [133587] Oracle Data Integrator 11.1.1.9.0 Apache Groovy unknown vulnerability
2137| [133585] Oracle API Gateway 11.1.2.4.0 Apache Commons FileUpload unknown vulnerability
2138| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
2139| [133571] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache Commons FileUpload unknown vulnerability
2140| [133522] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache Tomcat unknown vulnerability
2141| [133520] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache HTTP Server denial of service
2142| [133518] Oracle Primavera Unifier up to 18.8 Apache Commons FileUpload unknown vulnerability
2143| [133508] Oracle Communications Instant Messaging Server 10.0.1 Apache Tomcat unknown vulnerability
2144| [133501] Oracle Communications Policy Management 12.1/12.2/12.3/12.4 Apache Struts 1 unknown vulnerability
2145| [133500] Oracle Communications Application Session Controller 3.7.1/3.8.0 Apache Tomcat unknown vulnerability
2146| [133493] Oracle Communications Pricing Design Center 11.1/12.0 Apache Log4j unknown vulnerability
2147| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
2148| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
2149| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
2150| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
2151| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
2152| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
2153| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
2154| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
2155| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
2156| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
2157| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
2158| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
2159| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
2160| [131859] Apache Hadoop up to 2.9.1 privilege escalation
2161| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
2162| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
2163| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
2164| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
2165| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
2166| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
2167| [130629] Apache Guacamole Cookie Flag weak encryption
2168| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
2169| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
2170| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
2171| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
2172| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
2173| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
2174| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
2175| [130123] Apache Airflow up to 1.8.2 information disclosure
2176| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
2177| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
2178| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
2179| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
2180| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
2181| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
2182| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
2183| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
2184| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
2185| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
2186| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
2187| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
2188| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
2189| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
2190| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
2191| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
2192| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
2193| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
2194| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
2195| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
2196| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
2197| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
2198| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
2199| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
2200| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
2201| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
2202| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
2203| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
2204| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
2205| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
2206| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
2207| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
2208| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
2209| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
2210| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
2211| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
2212| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
2213| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
2214| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
2215| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
2216| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
2217| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
2218| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
2219| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
2220| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
2221| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
2222| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
2223| [127007] Apache Spark Request Code Execution
2224| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
2225| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
2226| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
2227| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
2228| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
2229| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
2230| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
2231| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
2232| [126346] Apache Tomcat Path privilege escalation
2233| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
2234| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
2235| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
2236| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
2237| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
2238| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
2239| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
2240| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
2241| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
2242| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
2243| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
2244| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
2245| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
2246| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
2247| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
2248| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
2249| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
2250| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
2251| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
2252| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
2253| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
2254| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
2255| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
2256| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
2257| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
2258| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
2259| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
2260| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
2261| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
2262| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
2263| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
2264| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
2265| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
2266| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
2267| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
2268| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
2269| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
2270| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
2271| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
2272| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
2273| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
2274| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
2275| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
2276| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
2277| [123197] Apache Sentry up to 2.0.0 privilege escalation
2278| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
2279| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
2280| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
2281| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
2282| [122800] Apache Spark 1.3.0 REST API weak authentication
2283| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
2284| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
2285| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
2286| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
2287| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
2288| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
2289| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
2290| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
2291| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
2292| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
2293| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
2294| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
2295| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
2296| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
2297| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
2298| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
2299| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
2300| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
2301| [121354] Apache CouchDB HTTP API Code Execution
2302| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
2303| [121143] Apache storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
2304| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
2305| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
2306| [120168] Apache CXF weak authentication
2307| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
2308| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
2309| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
2310| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
2311| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
2312| [119306] Apache MXNet Network Interface privilege escalation
2313| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
2314| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
2315| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
2316| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
2317| [118143] Apache NiFi activemq-client Library Deserialization denial of service
2318| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
2319| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
2320| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
2321| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
2322| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Hand Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110393] Apple macOS up to 10.13.2 apache information disclosure
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108069] Oracle Endeca Information Discovery Integrator 2.4/3.0/3.1/3.2 Apache Commons Collections memory corruption
| [108067] Oracle Business Process Management Suite 11.1.1.9.0/12.2.1.1.0 Apache Commons Collections memory corruption
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108065] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Commons Collections memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108024] Oracle Communications Order and Service Management 7.2.4.x.x/7.3.0.x.x/7.3.1.x.x/7.3.5.x.x Apache Commons Collections memory corruption
| [108015] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Commons Collections memory corruption
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
| [103690] Apache OpenMeetings 1.0.0 sql injection
| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
| [103688] Apache OpenMeetings 1.0.0 weak encryption
| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
| [103352] Apache Solr Node weak authentication
| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
| [102697] Apache HTTP Server 2.2.32/2.2.24 HTTP Strict Parsing ap_find_token Request Header memory corruption
| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
| [102536] Apache Ranger up to 0.6 Stored cross site scripting
| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
| [101513] Apache jUDDI 3.1.2/3.1.3/3.1.4/3.1. Logout Open Redirect
| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
| [99937] Apache Batik up to 1.8 privilege escalation
| [99936] Apache FOP up to 2.1 privilege escalation
| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
| [99930] Apache Traffic Server up to 6.2.0 denial of service
| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
| [117569] Apache Hadoop up to 2.7.3 privilege escalation
| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
| [99014] Apache Camel Jackson/JacksonXML privilege escalation
| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
| [98605] Apple macOS up to 10.12.3 Apache denial of service
| [98604] Apple macOS up to 10.12.3 Apache denial of service
| [98603] Apple macOS up to 10.12.3 Apache denial of service
| [98602] Apple macOS up to 10.12.3 Apache denial of service
| [98601] Apple macOS up to 10.12.3 Apache denial of service
| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
| [98405] Apache Hadoop up to 0.23.10 privilege escalation
| [98199] Apache Camel Validation XML External Entity
| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
| [97081] Apache Tomcat HTTPS Request denial of service
| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
| [95311] Apache storm UI Daemon privilege escalation
| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
| [94540] Apache Tika 1.9 tika-server File information disclosure
| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
| [93532] Apache Commons Collections Library Java privilege escalation
| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
| [93098] Apache Commons FileUpload privilege escalation
| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
| [92549] Apache Tomcat on Red Hat privilege escalation
| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
2736| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
2737| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
2738| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
2739| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
2740| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
2741| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
2742| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
2743| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
2744| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
2745| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
2746| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
2747| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
2748| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
2749| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
| [90263] Apache Archiva Header denial of service
| [90262] Apache Archiva Deserialize privilege escalation
| [90261] Apache Archiva XML DTD Connection privilege escalation
| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
| [87765] Apache James Server 2.3.2 Command privilege escalation
| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
| [87172] Adobe ColdFusion up to 10 Update 18/11 Update 7/2016 Apache Commons Collections Library privilege escalation
| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
| [82076] Apache Ranger up to 0.5.1 privilege escalation
| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
| [79791] Cisco Products Apache Commons Collections Library privilege escalation
| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
| [78989] Apache Ambari up to 2.1.1 Open Redirect
| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
| [78987] Apache Ambari up to 2.0.x cross site scripting
| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
| [77406] Apache Flex BlazeDS AMF Message XML External Entity
| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
| [76567] Apache Struts 2.3.20 unknown vulnerability
| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
| [74793] Apache Tomcat File Upload denial of service
| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
| [74468] Apache Batik up to 1.6 denial of service
| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
| [74174] Apache WSS4J up to 2.0.0 privilege escalation
| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
| [73731] Apache XML Security unknown vulnerability
| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
| [73593] Apache Traffic Server up to 5.1.0 denial of service
| [73511] Apache POI up to 3.10 Deadlock denial of service
| [73510] Apache Solr up to 4.3.0 cross site scripting
| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
| [73173] Apache CloudStack Stack-Based unknown vulnerability
| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
| [72890] Apache Qpid 0.30 unknown vulnerability
| [72887] Apache Hive 0.13.0 File Permission privilege escalation
| [72878] Apache Cordova 3.5.0 cross site request forgery
| [72877] Apache Cordova 3.5.0 cross site request forgery
| [72876] Apache Cordova 3.5.0 cross site request forgery
| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
| [71629] Apache Axis2/C spoofing
| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
| [70809] Apache POI up to 3.11 Crash denial of service
| [70808] Apache POI up to 3.10 unknown vulnerability
| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
| [70749] Apache Axis up to 1.4 getCN spoofing
| [70701] Apache Traffic Server up to 3.3.5 denial of service
| [70700] Apache OFBiz up to 12.04.03 cross site scripting
| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
| [70661] Apache Subversion up to 1.6.17 denial of service
| [70660] Apache Subversion up to 1.6.17 spoofing
| [70659] Apache Subversion up to 1.6.17 spoofing
| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
| [69846] Apache HBase up to 0.94.8 information disclosure
| [69783] Apache CouchDB up to 1.2.0 memory corruption
| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid() privilege escalation
| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
| [69431] Apache Archiva up to 1.3.6 cross site scripting
| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init() privilege escalation
| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
| [66739] Apache Camel up to 2.12.2 unknown vulnerability
| [66738] Apache Camel up to 2.12.2 unknown vulnerability
| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
| [66695] Apache CouchDB up to 1.2.0 cross site scripting
| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
| [66356] Apache Wicket up to 6.8.0 information disclosure
| [12209] Apache Tomcat 8.0.0-RC1/8.0.1/7.0.0/7.0.50 Content-Type Header for Multi-Part Request Infinite Loop denial of service
| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
| [65668] Apache Solr 4.0.0 Updater denial of service
| [65665] Apache Solr up to 4.3.0 denial of service
| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
| [65410] Apache Struts 2.3.15.3 cross site scripting
| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
| [65340] Apache Shindig 2.5.0 information disclosure
| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
| [10826] Apache Struts 2 File privilege escalation
| [65204] Apache Camel up to 2.10.1 unknown vulnerability
| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file() race condition
| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
| [64722] Apache XML Security for C++ Heap-based memory corruption
| [64719] Apache XML Security for C++ Heap-based memory corruption
| [64718] Apache XML Security for C++ verify denial of service
| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
| [64716] Apache XML Security for C++ spoofing
| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
| [64485] Apache Struts up to 2.2.3.0 privilege escalation
| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
| [64467] Apache Geronimo 3.0 memory corruption
| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
| [64457] Apache Struts up to 2.2.3.0 cross site scripting
| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
| [9184] Apache Qpid up to 0.20 SSL misconfiguration
| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
| [8873] Apache Struts 2.3.14 privilege escalation
| [8872] Apache Struts 2.3.14 privilege escalation
| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
| [64006] Apache ActiveMQ up to 5.7.0 denial of service
| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
| [8427] Apache Tomcat Session Transaction weak authentication
| [63960] Apache Maven 3.0.4 Default Configuration spoofing
| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
| [63750] Apache qpid up to 0.20 checkAvailable denial of service
| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
| [63747] Apache Rave up to 0.20 User Account information disclosure
| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
| [7687] Apache CXF up to 2.7.2 Token weak authentication
| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
3123| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
3124| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
3125| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
3126| [63090] Apache Tomcat up to 4.1.24 denial of service
3127| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
3128| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
3129| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
3130| [62833] Apache CXF -/2.6.0 spoofing
3131| [62832] Apache Axis2 up to 1.6.2 spoofing
3132| [62831] Apache Axis up to 1.4 Java Message Service spoofing
3133| [62830] Apache Commons-httpclient 3.0 Payments spoofing
3134| [62826] Apache Libcloud up to 0.11.0 spoofing
3135| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
3136| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
3137| [62661] Apache Axis2 unknown vulnerability
3138| [62658] Apache Axis2 unknown vulnerability
3139| [62467] Apache Qpid up to 0.17 denial of service
3140| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
3141| [6301] Apache HTTP Server mod_pagespeed cross site scripting
3142| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
3143| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
3144| [62035] Apache Struts up to 2.3.4 denial of service
3145| [61916] Apache QPID 0.14/0.16/0.5/0.6 unknown vulnerability
3146| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
3147| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
3148| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
3149| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
3150| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
3151| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
3152| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
3153| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
3154| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
3155| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
3156| [61229] Apache Sling up to 2.1.1 denial of service
3157| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
3158| [61094] Apache Roller up to 5.0 cross site scripting
3159| [61093] Apache Roller up to 5.0 cross site request forgery
3160| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
3161| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
3162| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow() File memory corruption
3163| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
3164| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
3165| [60708] Apache Qpid 0.12 unknown vulnerability
3166| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
3167| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
3168| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
3169| [4882] Apache Wicket up to 1.5.4 directory traversal
3170| [4881] Apache Wicket up to 1.4.19 cross site scripting
| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
| [60352] Apache Struts up to 2.2.3 memory corruption
| [60153] Apache Portable Runtime up to 1.4.3 denial of service
| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
| [4571] Apache Struts up to 2.3.1.2 privilege escalation
| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
| [59888] Apache Tomcat up to 6.0.6 denial of service
| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
| [4512] Apache Struts up to 2.2.3 CookieInterceptor command injection
| [59850] Apache Geronimo up to 2.2.1 denial of service
| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
| [58413] Apache Tomcat up to 6.0.10 spoofing
| [58381] Apache Wicket up to 1.4.17 cross site scripting
| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
| [57568] Apache Archiva up to 1.3.4 cross site scripting
| [57567] Apache Archiva up to 1.3.4 cross site request forgery
| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
| [4355] Apache HTTP Server APR apr_fnmatch denial of service
| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
| [57425] Apache Struts up to 2.2.1.1 cross site scripting
| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
| [57025] Apache Tomcat up to 7.0.11 information disclosure
| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
| [56512] Apache Continuum up to 1.4.0 cross site scripting
| [4285] Apache Tomcat 5.x JVM getLocale() denial of service
| [4284] Apache Tomcat 5.x HTML Manager cross site scripting
| [4283] Apache Tomcat 5.x ServletContect privilege escalation
| [56441] Apache Tomcat up to 7.0.6 denial of service
| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
| [54693] Apache Traffic Server DNS Cache unknown vulnerability
| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
| [54012] Apache Tomcat up to 6.0.10 denial of service
| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
| [52894] Apache Tomcat up to 6.0.7 information disclosure
| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
| [52786] Apache Open For Business Project up to 09.04 cross site scripting
| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
| [52584] Apache CouchDB up to 0.10.1 information disclosure
| [51757] Apache HTTP Server 2.0.44 cross site scripting
| [51756] Apache HTTP Server 2.0.44 spoofing
| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
| [51690] Apache Tomcat up to 6.0 directory traversal
| [51689] Apache Tomcat up to 6.0 information disclosure
| [51688] Apache Tomcat up to 6.0 directory traversal
| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
| [50626] Apache Solr 1.0.0 cross site scripting
| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
| [47640] Apache Struts 2.0.11/2.0.6/2.0.8/2.0.9/2.1 cross site scripting
| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
| [47214] Apachefriends xampp 1.6.8 spoofing
| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
| [47162] Apachefriends XAMPP 1.4.4 weak authentication
| [47065] Apache Tomcat 4.1.23 cross site scripting
| [46834] Apache Tomcat up to 5.5.20 cross site scripting
| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
| [86625] Apache Struts directory traversal
| [44461] Apache Tomcat up to 5.5.0 information disclosure
| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
| [43663] Apache Tomcat up to 6.0.16 directory traversal
| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
| [43516] Apache Tomcat up to 4.1.20 directory traversal
| [43509] Apache Tomcat up to 6.0.13 cross site scripting
| [42637] Apache Tomcat up to 6.0.16 cross site scripting
| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
| [40924] Apache Tomcat up to 6.0.15 information disclosure
| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
| [40922] Apache Tomcat up to 6.0 information disclosure
| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
| [40656] Apache Tomcat 5.5.20 information disclosure
| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
| [40234] Apache Tomcat up to 6.0.15 directory traversal
| [40221] Apache HTTP Server 2.2.6 information disclosure
| [40027] David Castro Apache Authcas 0.4 sql injection
| [3495] Apache OpenOffice up to 2.3 Database Document Processor Designfehler
| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
| [3414] Apache Tomcat WebDAV Stored Umgehungs-Angriff
| [39489] Apache Jakarta Slide up to 2.1 directory traversal
| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
| [38524] Apache Geronimo 2.0 unknown vulnerability
| [3256] Apache Tomcat up to 6.0.13 cross site scripting
| [38331] Apache Tomcat 4.1.24 information disclosure
| [38330] Apache Tomcat 4.1.24 information disclosure
| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
| [37292] Apache Tomcat up to 5.5.1 cross site scripting
| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
| [36225] XAMPP Apache Distribution 1.6.0a sql injection
| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
| [34252] Apache HTTP Server denial of service
| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
| [33877] Apache Opentaps 0.9.3 cross site scripting
| [33876] Apache Open For Business Project unknown vulnerability
| [33875] Apache Open For Business Project cross site scripting
| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid() memory corruption
| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
| [31827] XMB Extreme Message Board up to 1.9.6 Apache HTTP Server memcp.php directory traversal
| [2452] Apache HTTP Server up to 2.2.3 on Windows mod_alias unknown vulnerability
| [31663] vbPortal Apache HTTP Server index.php directory traversal
| [2414] Apache HTTP Server up to 2.2.3 mod_rewrite memory corruption
| [2393] Apache HTTP Server up to 2.2.2 HTTP Header cross site scripting
| [30623] Apache James 2.2.0 SMTP Server denial of service
| [30176] PHP-Fusion up to 6.00.306 Apache HTTP Server .php.gif privilege escalation
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
3410| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
3411| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
3412| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
3413| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
3414| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
3415| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
3416| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
3417| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
3511| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
3512| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
3513| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
3514| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
3515| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
3516| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
3517| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
3518| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
3519| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
3520| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
3521| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
3522| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
3523| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
3524| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
3525| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
3526| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
3527| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
3528| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3529| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
3530| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
3531| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
3532| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
3533| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
3534| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
3535| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
3536| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
3537| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
3538| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
3539| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
3540| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
3541| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
3542| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
3543| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
3544| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3545| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
3546| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
3547| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
3548| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
3549| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
3550| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
3551| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
3552| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
3553| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
3554| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
3555| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
3556| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
3557| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
3558| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
3559| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
3560| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
3561| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
3562| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
3563| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
3564| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
3565| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
3566| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
3567| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
3568| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
3569| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
3570| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
3571| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
3572| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
3573| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
3574| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
3575| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
3576| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
3577| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
3578| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
3579| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
3580| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
3581| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
3582| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
3583| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
3584| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
3585| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
3586| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
3587| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
3588| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
3589| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
3590| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
3591| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
3592| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
3693| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
3694| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
3695| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
3696| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
3697| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
3698| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
3699| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
3700| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
3701| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
3702| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
3703| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
3704| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
3705| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
3706| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
3707| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
3708| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
3709| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
3710| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
3711| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
3712| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3713| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
3714| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
3715| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
3716| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
3717| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3718| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
3719| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
3720| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
3721| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
3722| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
3723| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
3724| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
3725| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
3726| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
3727| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
3728| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
3729| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
3730| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
3731| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3732| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3733| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
3734| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
3735| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
3736| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
3737| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
3738| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
3739| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
3740| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3741| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
3742| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
3743| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
3744| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
3745| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
3746| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3747| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
3748| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3749| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
3750| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
3751| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
3752| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
3753| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
3754| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
3755| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
3756| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
3757| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
3758| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
3759| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
3760| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
3761| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
3762| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
3763| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
3764| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
3765| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
3766| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
3767| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
3768| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
3769| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
3770| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
3771| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
3772| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
3773| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
3774| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
3775| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
3776| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
3777| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
3778| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
3779| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
3780| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
3781| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
3782| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3783| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
3784| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
3785| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
3786| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
3787| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
3788| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
3789| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
3790| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
3791| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
3792| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
3793| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
3794| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
3795| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
3796| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
3797| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
3798| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
3799| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
3800| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child proccess IDs (PID).
| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
3908| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
3909| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
3910| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
3911| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
3912| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
3913| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
3914| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
3915| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
3916| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
3917| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
3918| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
3919| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
3920| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
3921| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
3922| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
3923| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
3924| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
3925| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
3926| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and do not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
3927| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
3928| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
3929| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
3930| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
3931| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
3932| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
3933| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
3934| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
3935| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
3936| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
3937| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
3938| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
3939| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
3940| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
3941| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
3942| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
3943| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allow local users to overwrite arbitrary files via a symlink attack.
3944| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
3945| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
3946| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
3947| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
3948| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
3949| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, disclosed on 20070724, is one such variant.
3950| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
3951| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
3952| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
3953| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
3954| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
3955| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
3956| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
3957| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
3958| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
3959| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
3960| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
3961| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
3962| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
3963| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
3964| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allow remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
3965| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
3966| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
3967| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
3968| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
3969| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
3970| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
3971| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
3972| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
3973| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
3974|
3975| SecurityFocus - https://www.securityfocus.com/bid/:
3976| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
3977| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
3978| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
3979| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
3980| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
3981| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
3982| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
3983| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
3984| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
3985| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
3986| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
3987| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
3988| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
3989| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
3990| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
3991| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
3992| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
3993| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
3994| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
3995| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
3996| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
3997| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
3998| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
3999| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
4000| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
4001| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
4002| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
4003| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
4004| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
4005| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
4006| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
4007| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
4008| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
4009| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
4010| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
4011| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
4012| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
4013| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
4014| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
4015| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
4016| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
4017| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
4018| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
4019| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
4020| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
4021| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
4022| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
4023| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
4024| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
4025| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
4026| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
4027| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
4028| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
4029| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
4030| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
4031| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
4032| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
4033| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
4034| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
4035| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
4036| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
4037| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
4038| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
4039| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
4040| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
4041| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
4042| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
4043| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
4044| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
4045| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
4046| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
4047| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
4048| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
4049| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
4050| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
4051| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
4052| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
4053| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
4054| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
4055| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
4056| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
4057| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
4058| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
4059| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
4060| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
4061| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
4062| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
4063| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
4064| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
4065| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
4066| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
4067| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
4068| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
4069| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
4070| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
4071| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
4072| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
4073| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
4074| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
4075| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
4076| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
4077| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
4078| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
4079| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
4080| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
4081| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
4082| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
4083| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
4084| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
4085| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
4086| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
4087| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
4088| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
4089| [100447] Apache2Triad Multiple Security Vulnerabilities
4090| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
4091| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
4092| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
4093| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
4094| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
4095| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
4096| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
4097| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
4098| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
4099| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
4100| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
4101| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
4102| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
4103| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
4104| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
4105| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
4106| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
4107| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
4108| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
4109| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
4110| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
4111| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
4112| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
4113| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
4114| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
4115| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
4116| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
4117| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
4118| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
4119| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
4120| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
4121| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
4122| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
| [95675] Apache Struts Remote Code Execution Vulnerability
| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
| [91736] Apache XML-RPC Multiple Security Vulnerabilities
| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
| [90482] Apache CVE-2004-1387 Local Security Vulnerability
| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
| [86399] Apache CVE-2007-1743 Local Security Vulnerability
| [86397] Apache CVE-2007-1742 Local Security Vulnerability
| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
| [76933] Apache James Server Unspecified Command Execution Vulnerability
| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
4554| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
4555| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
4556| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
4557| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
| [20527] Apache Mod_TCL Remote Format String Vulnerability
| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
| [19106] Apache Tomcat Information Disclosure Vulnerability
| [18138] Apache James SMTP Denial Of Service Vulnerability
| [17342] Apache Struts Multiple Remote Vulnerabilities
| [17095] Apache Log4Net Denial Of Service Vulnerability
| [16916] Apache mod_python FileSession Code Execution Vulnerability
| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
| [15177] PHP Apache 2 Local Denial of Service Vulnerability
| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
| [14106] Apache HTTP Request Smuggling Vulnerability
| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
| [11471] Apache mod_include Local Buffer Overflow Vulnerability
| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
| [11094] Apache mod_ssl Denial Of Service Vulnerability
| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
| [10478] ClueCentral Apache Suexec Patch Security Weakness
| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
| [9921] Apache Connection Blocking Denial Of Service Vulnerability
| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
| [9733] Apache Cygwin Directory Traversal Vulnerability
| [9599] Apache mod_php Global Variables Information Disclosure Weakness
| [9590] Apache-SSL Client Certificate Forging Vulnerability
| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
| [8898] Red Hat Apache Directory Index Default Configuration Error
| [8883] Apache Cocoon Directory Traversal Vulnerability
| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
| [8707] Apache htpasswd Password Entropy Weakness
| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
| [8226] Apache HTTP Server Multiple Vulnerabilities
| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
| [7255] Apache Web Server File Descriptor Leakage Vulnerability
| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
| [6939] Apache Web Server ETag Header Information Disclosure Weakness
| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
| [6117] Apache mod_php File Descriptor Leakage Vulnerability
| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
| [5992] Apache HTDigest Insecure Temporary File Vulnerability
| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
| [5485] Apache 2.0 Path Disclosure Vulnerability
| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
| [4437] Apache Error Message Cross-Site Scripting Vulnerability
| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
| [3596] Apache Split-Logfile File Append Vulnerability
| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
| [3169] Apache Server Address Disclosure Vulnerability
| [3009] Apache Possible Directory Index Disclosure Vulnerability
| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
4949| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
4950| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
4951| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
4952| [2216] Apache Web Server DoS Vulnerability
4953| [2182] Apache /tmp File Race Vulnerability
4954| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
4955| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
4956| [1821] Apache mod_cookies Buffer Overflow Vulnerability
4957| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
4958| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
4959| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
4960| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
4961| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
4962| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
4963| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
4964| [1457] Apache::ASP source.asp Example Script Vulnerability
4965| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
4966| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
4967|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [86258] Apache CloudStack text fields cross-site scripting
| [85983] Apache Subversion mod_dav_svn module denial of service
| [85875] Apache OFBiz UEL code execution
| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
| [85871] Apache HTTP Server mod_session_dbd unspecified
| [85756] Apache Struts OGNL expression command execution
| [85755] Apache Struts DefaultActionMapper class open redirect
| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
| [85574] Apache HTTP Server mod_dav denial of service
| [85573] Apache Struts Showcase App OGNL code execution
| [85496] Apache CXF denial of service
| [85423] Apache Geronimo RMI classloader code execution
| [85326] Apache Santuario XML Security for C++ buffer overflow
| [85323] Apache Santuario XML Security for Java spoofing
| [85319] Apache Qpid Python client SSL spoofing
| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
| [84952] Apache Tomcat CVE-2012-3544 denial of service
| [84763] Apache Struts CVE-2013-2135 security bypass
| [84762] Apache Struts CVE-2013-2134 security bypass
| [84719] Apache Subversion CVE-2013-2088 command execution
| [84718] Apache Subversion CVE-2013-2112 denial of service
| [84717] Apache Subversion CVE-2013-1968 denial of service
| [84577] Apache Tomcat security bypass
| [84576] Apache Tomcat symlink
| [84543] Apache Struts CVE-2013-2115 security bypass
| [84542] Apache Struts CVE-2013-1966 security bypass
| [84154] Apache Tomcat session hijacking
| [84144] Apache Tomcat denial of service
| [84143] Apache Tomcat information disclosure
| [84111] Apache HTTP Server command execution
| [84043] Apache Virtual Computing Lab cross-site scripting
| [84042] Apache Virtual Computing Lab cross-site scripting
| [83782] Apache CloudStack information disclosure
| [83781] Apache CloudStack security bypass
| [83720] Apache ActiveMQ cross-site scripting
| [83719] Apache ActiveMQ denial of service
| [83718] Apache ActiveMQ denial of service
| [83263] Apache Subversion denial of service
| [83262] Apache Subversion denial of service
| [83261] Apache Subversion denial of service
| [83259] Apache Subversion denial of service
| [83035] Apache mod_ruid2 security bypass
| [82852] Apache Qpid federation_tag security bypass
| [82851] Apache Qpid qpid::framing::Buffer denial of service
| [82758] Apache Rave User RPC API information disclosure
| [82663] Apache Subversion svn_fs_file_length() denial of service
| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
| [82641] Apache Qpid AMQP denial of service
| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
| [82618] Apache Commons FileUpload symlink
| [82360] Apache HTTP Server manager interface cross-site scripting
| [82359] Apache HTTP Server hostnames cross-site scripting
| [82338] Apache Tomcat log/logdir information disclosure
| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
| [82268] Apache OpenJPA deserialization command execution
| [81981] Apache CXF UsernameTokens security bypass
| [81980] Apache CXF WS-Security security bypass
| [81398] Apache OFBiz cross-site scripting
| [81240] Apache CouchDB directory traversal
| [81226] Apache CouchDB JSONP code execution
| [81225] Apache CouchDB Futon user interface cross-site scripting
| [81211] Apache Axis2/C SSL spoofing
| [81167] Apache CloudStack DeployVM information disclosure
| [81166] Apache CloudStack AddHost API information disclosure
| [81165] Apache CloudStack createSSHKeyPair API information disclosure
| [80518] Apache Tomcat cross-site request forgery security bypass
| [80517] Apache Tomcat FormAuthenticator security bypass
| [80516] Apache Tomcat NIO denial of service
| [80408] Apache Tomcat replay-countermeasure security bypass
| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
| [80317] Apache Tomcat slowloris denial of service
| [79984] Apache Commons HttpClient SSL spoofing
| [79983] Apache CXF SSL spoofing
| [79830] Apache Axis2/Java SSL spoofing
| [79829] Apache Axis SSL spoofing
| [79809] Apache Tomcat DIGEST security bypass
| [79806] Apache Tomcat parseHeaders() denial of service
| [79540] Apache OFBiz unspecified
| [79487] Apache Axis2 SAML security bypass
| [79212] Apache Cloudstack code execution
| [78734] Apache CXF SOAP Action security bypass
| [78730] Apache Qpid broker denial of service
| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
| [78563] Apache mod_pagespeed module unspecified cross-site scripting
| [78562] Apache mod_pagespeed module security bypass
| [78454] Apache Axis2 security bypass
| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
| [78321] Apache Wicket unspecified cross-site scripting
| [78183] Apache Struts parameters denial of service
| [78182] Apache Struts cross-site request forgery
| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
| [77987] mod_rpaf module for Apache denial of service
| [77958] Apache Struts skill name code execution
| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
| [77568] Apache Qpid broker security bypass
| [77421] Apache Libcloud spoofing
| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
| [77046] Oracle Solaris Apache HTTP Server information disclosure
| [76837] Apache Hadoop information disclosure
| [76802] Apache Sling CopyFrom denial of service
| [76692] Apache Hadoop symlink
| [76535] Apache Roller console cross-site request forgery
| [76534] Apache Roller weblog cross-site scripting
| [76152] Apache CXF elements security bypass
| [76151] Apache CXF child policies security bypass
| [75983] MapServer for Windows Apache file include
| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
| [75558] Apache POI denial of service
| [75545] PHP apache_request_headers() buffer overflow
| [75302] Apache Qpid SASL security bypass
| [75211] Debian GNU/Linux apache 2 cross-site scripting
| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
| [74871] Apache OFBiz FlexibleStringExpander code execution
| [74870] Apache OFBiz multiple cross-site scripting
| [74750] Apache Hadoop unspecified spoofing
| [74319] Apache Struts XSLTResult.java file upload
| [74313] Apache Traffic Server header buffer overflow
| [74276] Apache Wicket directory traversal
| [74273] Apache Wicket unspecified cross-site scripting
| [74181] Apache HTTP Server mod_fcgid module denial of service
| [73690] Apache Struts OGNL code execution
| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
| [73100] Apache MyFaces in directory traversal
| [73096] Apache APR hash denial of service
| [73052] Apache Struts name cross-site scripting
| [73030] Apache CXF UsernameToken security bypass
| [72888] Apache Struts lastName cross-site scripting
| [72758] Apache HTTP Server httpOnly information disclosure
| [72757] Apache HTTP Server MPM denial of service
| [72585] Apache Struts ParameterInterceptor security bypass
| [72438] Apache Tomcat Digest security bypass
| [72437] Apache Tomcat Digest security bypass
| [72436] Apache Tomcat DIGEST security bypass
| [72425] Apache Tomcat parameter denial of service
| [72422] Apache Tomcat request object information disclosure
| [72377] Apache HTTP Server scoreboard security bypass
| [72345] Apache HTTP Server HTTP request denial of service
| [72229] Apache Struts ExceptionDelegator command execution
| [72089] Apache Struts ParameterInterceptor directory traversal
| [72088] Apache Struts CookieInterceptor command execution
| [72047] Apache Geronimo hash denial of service
| [72016] Apache Tomcat hash denial of service
| [71711] Apache Struts OGNL expression code execution
| [71654] Apache Struts interfaces security bypass
| [71620] Apache ActiveMQ failover denial of service
| [71617] Apache HTTP Server mod_proxy module information disclosure
| [71508] Apache MyFaces EL security bypass
| [71445] Apache HTTP Server mod_proxy security bypass
| [71203] Apache Tomcat servlets privilege escalation
| [71181] Apache HTTP Server ap_pregsub() denial of service
| [71093] Apache HTTP Server ap_pregsub() buffer overflow
| [70336] Apache HTTP Server mod_proxy information disclosure
| [69804] Apache HTTP Server mod_proxy_ajp denial of service
| [69472] Apache Tomcat AJP security bypass
| [69396] Apache HTTP Server ByteRange filter denial of service
| [69394] Apache Wicket multi window support cross-site scripting
| [69176] Apache Tomcat XML information disclosure
| [69161] Apache Tomcat jsvc information disclosure
| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
| [68541] Apache Tomcat sendfile information disclosure
| [68420] Apache XML Security denial of service
| [68238] Apache Tomcat JMX information disclosure
| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
| [67804] Apache Subversion control rules information disclosure
| [67803] Apache Subversion control rules denial of service
| [67802] Apache Subversion baselined denial of service
| [67672] Apache Archiva multiple cross-site scripting
| [67671] Apache Archiva multiple cross-site request forgery
| [67564] Apache APR apr_fnmatch() denial of service
| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
| [67515] Apache Tomcat annotations security bypass
| [67480] Apache Struts s:submit information disclosure
| [67414] Apache APR apr_fnmatch() denial of service
| [67356] Apache Struts javatemplates cross-site scripting
| [67354] Apache Struts Xwork cross-site scripting
| [66676] Apache Tomcat HTTP BIO information disclosure
| [66675] Apache Tomcat web.xml security bypass
| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
| [66241] Apache HttpComponents information disclosure
| [66154] Apache Tomcat ServletSecurity security bypass
| [65971] Apache Tomcat ServletSecurity security bypass
| [65876] Apache Subversion mod_dav_svn denial of service
| [65343] Apache Continuum unspecified cross-site scripting
| [65162] Apache Tomcat NIO connector denial of service
| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
| [65160] Apache Tomcat HTML Manager interface cross-site scripting
| [65159] Apache Tomcat ServletContect security bypass
| [65050] Apache CouchDB web-based administration UI cross-site scripting
| [64773] Oracle HTTP Server Apache Plugin unauthorized access
| [64473] Apache Subversion blame -g denial of service
| [64472] Apache Subversion walk() denial of service
| [64407] Apache Axis2 CVE-2010-0219 code execution
| [63926] Apache Archiva password privilege escalation
| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
| [63493] Apache Archiva credentials cross-site request forgery
| [63477] Apache Tomcat HttpOnly session hijacking
| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
| [62959] Apache Shiro filters security bypass
| [62790] Apache Perl cgi module denial of service
| [62576] Apache Qpid exchange denial of service
| [62575] Apache Qpid AMQP denial of service
| [62354] Apache Qpid SSL denial of service
| [62235] Apache APR-util apr_brigade_split_line() denial of service
| [62181] Apache XML-RPC SAX Parser information disclosure
| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
5450| [12553] Apache HTTP Server redirects and subrequests denial of service
5451| [12552] Apache HTTP Server FTP proxy server denial of service
5452| [12551] Apache HTTP Server prefork MPM denial of service
5453| [12550] Apache HTTP Server weaker than expected encryption
5454| [12549] Apache HTTP Server type-map file denial of service
5455| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
5456| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
5457| [12091] Apache HTTP Server apr_password_validate denial of service
5458| [12090] Apache HTTP Server apr_psprintf code execution
5459| [11804] Apache HTTP Server mod_access_referer denial of service
5460| [11750] Apache HTTP Server could leak sensitive file descriptors
5461| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
5462| [11703] Apache long slash path allows directory listing
5463| [11695] Apache HTTP Server LF (Line Feed) denial of service
5464| [11694] Apache HTTP Server filestat.c denial of service
5465| [11438] Apache HTTP Server MIME message boundaries information disclosure
5466| [11412] Apache HTTP Server error log terminal escape sequence injection
5467| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
5468| [11195] Apache Tomcat web.xml could be used to read files
5469| [11194] Apache Tomcat URL appended with a null character could list directories
5470| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
5471| [11126] Apache HTTP Server illegal character file disclosure
5472| [11125] Apache HTTP Server DOS device name HTTP POST code execution
5473| [11124] Apache HTTP Server DOS device name denial of service
5474| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
5475| [10938] Apache HTTP Server printenv test CGI cross-site scripting
5476| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
5477| [10575] Apache mod_php module could allow an attacker to take over the httpd process
5478| [10499] Apache HTTP Server WebDAV HTTP POST view source
5479| [10457] Apache HTTP Server mod_ssl "
5480| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
5481| [10414] Apache HTTP Server htdigest multiple buffer overflows
5482| [10413] Apache HTTP Server htdigest temporary file race condition
5483| [10412] Apache HTTP Server htpasswd temporary file race condition
5484| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
5485| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
5486| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
5487| [10280] Apache HTTP Server shared memory scorecard overwrite
5488| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
5489| [10241] Apache HTTP Server Host: header cross-site scripting
5490| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
5491| [10208] Apache HTTP Server mod_dav denial of service
5492| [10206] HP VVOS Apache mod_ssl denial of service
5493| [10200] Apache HTTP Server stderr denial of service
5494| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
5495| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
5496| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
5497| [10098] Slapper worm targets OpenSSL/Apache systems
5498| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
5499| [9875] Apache HTTP Server .var file request could disclose installation path
5500| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
5501| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
5502| [9623] Apache HTTP Server ap_log_rerror() path disclosure
5503| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
5504| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
5505| [9396] Apache Tomcat null character to threads denial of service
5506| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
5507| [9249] Apache HTTP Server chunked encoding heap buffer overflow
5508| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
5509| [8932] Apache Tomcat example class information disclosure
5510| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
5511| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
5512| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
5513| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
5514| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
5515| [8400] Apache HTTP Server mod_frontpage buffer overflows
5516| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
5517| [8308] Apache "
5518| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
5519| [8119] Apache and PHP OPTIONS request reveals "
5520| [8054] Apache is running on the system
5521| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
5522| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
5523| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
5524| [7836] Apache HTTP Server log directory denial of service
5525| [7815] Apache for Windows "
5526| [7810] Apache HTTP request could result in unexpected behavior
5527| [7599] Apache Tomcat reveals installation path
5528| [7494] Apache "
5529| [7419] Apache Web Server could allow remote attackers to overwrite .log files
5530| [7363] Apache Web Server hidden HTTP requests
5531| [7249] Apache mod_proxy denial of service
5532| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
5533| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
5534| [7059] Apache "
5535| [7057] Apache "
5536| [7056] Apache "
5537| [7055] Apache "
5538| [7054] Apache "
5539| [6997] Apache Jakarta Tomcat error message may reveal information
5540| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
5541| [6970] Apache crafted HTTP request could reveal the internal IP address
5542| [6921] Apache long slash path allows directory listing
5543| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
5544| [6527] Apache Web Server for Windows and OS2 denial of service
5545| [6316] Apache Jakarta Tomcat may reveal JSP source code
5546| [6305] Apache Jakarta Tomcat directory traversal
5547| [5926] Linux Apache symbolic link
5548| [5659] Apache Web server discloses files when used with php script
5549| [5310] Apache mod_rewrite allows attacker to view arbitrary files
5550| [5204] Apache WebDAV directory listings
5551| [5197] Apache Web server reveals CGI script source code
5552| [5160] Apache Jakarta Tomcat default installation
5553| [5099] Trustix Secure Linux installs Apache with world writable access
5554| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
5555| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
5556| [4931] Apache source.asp example file allows users to write to files
5557| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
5558| [4205] Apache Jakarta Tomcat delivers file contents
5559| [2084] Apache on Debian by default serves the /usr/doc directory
5560| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
5561| [697] Apache HTTP server beck exploit
5562| [331] Apache cookies buffer overflow
5563|
5564| Exploit-DB - https://www.exploit-db.com:
5565| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
5566| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
5567| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
5568| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
5569| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
5570| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
5571| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
5572| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
5573| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
5574| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
5575| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
5576| [29859] Apache Roller OGNL Injection
5577| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
5578| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
5579| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
5580| [29290] Apache / PHP 5.x Remote Code Execution Exploit
5581| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
5582| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
5583| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
5584| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
5585| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
5586| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
5587| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
5588| [27096] Apache Geronimo 1.0 Error Page XSS
5589| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
5590| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
5591| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
5592| [25986] Plesk Apache Zeroday Remote Exploit
5593| [25980] Apache Struts includeParams Remote Code Execution
5594| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
5595| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
5596| [24874] Apache Struts ParametersInterceptor Remote Code Execution
5597| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
5598| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
5599| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
5600| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
5601| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
5602| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
5603| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
5604| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
5605| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
5606| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
5607| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
5608| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
5609| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
5610| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
5611| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
5612| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
5613| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
5614| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
5615| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
5616| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
5617| [21719] Apache 2.0 Path Disclosure Vulnerability
5618| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
5619| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
5620| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
5621| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
5622| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
5623| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
5624| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
5625| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
5626| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
5627| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
5628| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
5629| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
5630| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
5631| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
5632| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
5633| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
5634| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
5635| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
5636| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
5637| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
5638| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
5639| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
5640| [20558] Apache 1.2 Web Server DoS Vulnerability
5641| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
5642| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
5643| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
5644| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
5645| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
5646| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
5647| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
5648| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
5649| [19231] PHP apache_request_headers Function Buffer Overflow
5650| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
5651| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
5652| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
5653| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
5654| [18442] Apache httpOnly Cookie Disclosure
5655| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
5656| [18221] Apache HTTP Server Denial of Service
5657| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
5658| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
5659| [17691] Apache Struts < 2.2.0 - Remote Command Execution
5660| [16798] Apache mod_jk 1.2.20 Buffer Overflow
5661| [16782] Apache Win32 Chunked Encoding
5662| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
5663| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
5664| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
5665| [15319] Apache 2.2 (Windows) Local Denial of Service
5666| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
5667| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5668| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
5669| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
5670| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
5671| [12330] Apache OFBiz - Multiple XSS
5672| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
5673| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
5674| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
5675| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
5676| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
5677| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
5678| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
5679| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
5680| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5681| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
5682| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
5683| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
5684| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
5685| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
5686| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
5687| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
5688| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
5689| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
5690| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
5691| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
5692| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
5693| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
5694| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
5695| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
5696| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
5697| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
5698| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
5699| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
5700| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
5701| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
5702| [466] htpasswd Apache 1.3.31 - Local Exploit
5703| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
5704| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
5705| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
5706| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
5707| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
5708| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
5709| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
5710| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
5711| [9] Apache HTTP Server 2.x Memory Leak Exploit
5712|
5713| OpenVAS (Nessus) - http://www.openvas.org:
5714| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
5715| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
5716| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
5717| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
5718| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
5719| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
5720| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
5721| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
5722| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
5723| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
5724| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
5725| [900571] Apache APR-Utils Version Detection
5726| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
5727| [900496] Apache Tiles Multiple XSS Vulnerability
5728| [900493] Apache Tiles Version Detection
5729| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
5730| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
5731| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
5732| [870175] RedHat Update for apache RHSA-2008:0004-01
5733| [864591] Fedora Update for apache-poi FEDORA-2012-10835
5734| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
5735| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
5736| [864250] Fedora Update for apache-poi FEDORA-2012-7683
5737| [864249] Fedora Update for apache-poi FEDORA-2012-7686
5738| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
5739| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
5740| [855821] Solaris Update for Apache 1.3 122912-19
5741| [855812] Solaris Update for Apache 1.3 122911-19
5742| [855737] Solaris Update for Apache 1.3 122911-17
5743| [855731] Solaris Update for Apache 1.3 122912-17
5744| [855695] Solaris Update for Apache 1.3 122911-16
5745| [855645] Solaris Update for Apache 1.3 122912-16
5746| [855587] Solaris Update for kernel update and Apache 108529-29
5747| [855566] Solaris Update for Apache 116973-07
5748| [855531] Solaris Update for Apache 116974-07
5749| [855524] Solaris Update for Apache 2 120544-14
5750| [855494] Solaris Update for Apache 1.3 122911-15
5751| [855478] Solaris Update for Apache Security 114145-11
5752| [855472] Solaris Update for Apache Security 113146-12
5753| [855179] Solaris Update for Apache 1.3 122912-15
5754| [855147] Solaris Update for kernel update and Apache 108528-29
5755| [855077] Solaris Update for Apache 2 120543-14
5756| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
5757| [850088] SuSE Update for apache2 SUSE-SA:2007:061
5758| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
5759| [841209] Ubuntu Update for apache2 USN-1627-1
5760| [840900] Ubuntu Update for apache2 USN-1368-1
5761| [840798] Ubuntu Update for apache2 USN-1259-1
5762| [840734] Ubuntu Update for apache2 USN-1199-1
5763| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
5764| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
5765| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
5766| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
5767| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
5768| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
5769| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
5770| [835253] HP-UX Update for Apache Web Server HPSBUX02645
5771| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
5772| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
5773| [835236] HP-UX Update for Apache with PHP HPSBUX02543
5774| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
5775| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
5776| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
5777| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
5778| [835188] HP-UX Update for Apache HPSBUX02308
5779| [835181] HP-UX Update for Apache With PHP HPSBUX02332
5780| [835180] HP-UX Update for Apache with PHP HPSBUX02342
5781| [835172] HP-UX Update for Apache HPSBUX02365
5782| [835168] HP-UX Update for Apache HPSBUX02313
5783| [835148] HP-UX Update for Apache HPSBUX01064
5784| [835139] HP-UX Update for Apache with PHP HPSBUX01090
5785| [835131] HP-UX Update for Apache HPSBUX00256
5786| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
5787| [835104] HP-UX Update for Apache HPSBUX00224
5788| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
5789| [835101] HP-UX Update for Apache HPSBUX01232
5790| [835080] HP-UX Update for Apache HPSBUX02273
5791| [835078] HP-UX Update for ApacheStrong HPSBUX00255
5792| [835044] HP-UX Update for Apache HPSBUX01019
5793| [835040] HP-UX Update for Apache PHP HPSBUX00207
5794| [835025] HP-UX Update for Apache HPSBUX00197
5795| [835023] HP-UX Update for Apache HPSBUX01022
5796| [835022] HP-UX Update for Apache HPSBUX02292
5797| [835005] HP-UX Update for Apache HPSBUX02262
5798| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
5799| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
5800| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
5801| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
5802| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
5803| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
5804| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
5805| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
5806| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
5807| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
5808| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
5809| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
5810| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
5811| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
5812| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
5813| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
5814| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
5815| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
5816| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
5817| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
5818| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
5819| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
5820| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
5821| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
5822| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
5823| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
5824| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
5825| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
5826| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
5827| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
5828| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
5829| [801942] Apache Archiva Multiple Vulnerabilities
5830| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
5831| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
5832| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
5833| [801284] Apache Derby Information Disclosure Vulnerability
5834| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
5835| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
5836| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
5837| [800680] Apache APR Version Detection
5838| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
5839| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
5840| [800677] Apache Roller Version Detection
5841| [800279] Apache mod_jk Module Version Detection
5842| [800278] Apache Struts Cross Site Scripting Vulnerability
5843| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
5844| [800276] Apache Struts Version Detection
5845| [800271] Apache Struts Directory Traversal Vulnerability
5846| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
5847| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
5848| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
5849| [103122] Apache Web Server ETag Header Information Disclosure Weakness
5850| [103074] Apache Continuum Cross Site Scripting Vulnerability
5851| [103073] Apache Continuum Detection
5852| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
5853| [101023] Apache Open For Business Weak Password security check
5854| [101020] Apache Open For Business HTML injection vulnerability
5855| [101019] Apache Open For Business service detection
5856| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
5857| [100923] Apache Archiva Detection
5858| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
5859| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
5860| [100813] Apache Axis2 Detection
5861| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
5862| [100795] Apache Derby Detection
5863| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
5864| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
5865| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
5866| [100514] Apache Multiple Security Vulnerabilities
5867| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
5868| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
5869| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
5870| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
5871| [72626] Debian Security Advisory DSA 2579-1 (apache2)
5872| [72612] FreeBSD Ports: apache22
5873| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
5874| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
5875| [71512] FreeBSD Ports: apache
5876| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
5877| [71256] Debian Security Advisory DSA 2452-1 (apache2)
5878| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
5879| [70737] FreeBSD Ports: apache
5880| [70724] Debian Security Advisory DSA 2405-1 (apache2)
5881| [70600] FreeBSD Ports: apache
5882| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
5883| [70235] Debian Security Advisory DSA 2298-2 (apache2)
5884| [70233] Debian Security Advisory DSA 2298-1 (apache2)
5885| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
5886| [69338] Debian Security Advisory DSA 2202-1 (apache2)
5887| [67868] FreeBSD Ports: apache
5888| [66816] FreeBSD Ports: apache
5889| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
5890| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
5891| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
5892| [66081] SLES11: Security update for Apache 2
5893| [66074] SLES10: Security update for Apache 2
5894| [66070] SLES9: Security update for Apache 2
5895| [65998] SLES10: Security update for apache2-mod_python
5896| [65893] SLES10: Security update for Apache 2
5897| [65888] SLES10: Security update for Apache 2
5898| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
5899| [65510] SLES9: Security update for Apache 2
5900| [65472] SLES9: Security update for Apache
5901| [65467] SLES9: Security update for Apache
5902| [65450] SLES9: Security update for apache2
5903| [65390] SLES9: Security update for Apache2
5904| [65363] SLES9: Security update for Apache2
5905| [65309] SLES9: Security update for Apache and mod_ssl
5906| [65296] SLES9: Security update for webdav apache module
5907| [65283] SLES9: Security update for Apache2
5908| [65249] SLES9: Security update for Apache 2
5909| [65230] SLES9: Security update for Apache 2
5910| [65228] SLES9: Security update for Apache 2
5911| [65212] SLES9: Security update for apache2-mod_python
5912| [65209] SLES9: Security update for apache2-worker
5913| [65207] SLES9: Security update for Apache 2
5914| [65168] SLES9: Security update for apache2-mod_python
5915| [65142] SLES9: Security update for Apache2
5916| [65136] SLES9: Security update for Apache 2
5917| [65132] SLES9: Security update for apache
5918| [65131] SLES9: Security update for Apache 2 oes/CORE
5919| [65113] SLES9: Security update for apache2
5920| [65072] SLES9: Security update for apache and mod_ssl
5921| [65017] SLES9: Security update for Apache 2
5922| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
5923| [64783] FreeBSD Ports: apache
5924| [64774] Ubuntu USN-802-2 (apache2)
5925| [64653] Ubuntu USN-813-2 (apache2)
5926| [64559] Debian Security Advisory DSA 1834-2 (apache2)
5927| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
5928| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
5929| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
5930| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
5931| [64443] Ubuntu USN-802-1 (apache2)
5932| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
5933| [64423] Debian Security Advisory DSA 1834-1 (apache2)
5934| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
5935| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
5936| [64251] Debian Security Advisory DSA 1816-1 (apache2)
5937| [64201] Ubuntu USN-787-1 (apache2)
5938| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
5939| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
5940| [63565] FreeBSD Ports: apache
5941| [63562] Ubuntu USN-731-1 (apache2)
5942| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
5943| [61185] FreeBSD Ports: apache
5944| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
5945| [60387] Slackware Advisory SSA:2008-045-02 apache
5946| [58826] FreeBSD Ports: apache-tomcat
5947| [58825] FreeBSD Ports: apache-tomcat
5948| [58804] FreeBSD Ports: apache
5949| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
5950| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
5951| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
5952| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
5953| [57335] Debian Security Advisory DSA 1167-1 (apache)
5954| [57201] Debian Security Advisory DSA 1131-1 (apache)
5955| [57200] Debian Security Advisory DSA 1132-1 (apache2)
5956| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
5957| [57145] FreeBSD Ports: apache
5958| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
5959| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
5960| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
5961| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
5962| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
5963| [56067] FreeBSD Ports: apache
5964| [55803] Slackware Advisory SSA:2005-310-04 apache
5965| [55519] Debian Security Advisory DSA 839-1 (apachetop)
5966| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
5967| [55355] FreeBSD Ports: apache
5968| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
5969| [55261] Debian Security Advisory DSA 805-1 (apache2)
5970| [55259] Debian Security Advisory DSA 803-1 (apache)
5971| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
5972| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
5973| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
5974| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
5975| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
5976| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
5977| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
5978| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
5979| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
5980| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
5981| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
5982| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
5983| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
5984| [54439] FreeBSD Ports: apache
5985| [53931] Slackware Advisory SSA:2004-133-01 apache
5986| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
5987| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
5988| [53878] Slackware Advisory SSA:2003-308-01 apache security update
5989| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
5990| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
5991| [53848] Debian Security Advisory DSA 131-1 (apache)
5992| [53784] Debian Security Advisory DSA 021-1 (apache)
5993| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
5994| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
5995| [53735] Debian Security Advisory DSA 187-1 (apache)
5996| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
5997| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
5998| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
5999| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
6000| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
6001| [53282] Debian Security Advisory DSA 594-1 (apache)
6002| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
6003| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
6004| [53215] Debian Security Advisory DSA 525-1 (apache)
6005| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
6006| [52529] FreeBSD Ports: apache+ssl
6007| [52501] FreeBSD Ports: apache
6008| [52461] FreeBSD Ports: apache
6009| [52390] FreeBSD Ports: apache
6010| [52389] FreeBSD Ports: apache
6011| [52388] FreeBSD Ports: apache
6012| [52383] FreeBSD Ports: apache
6013| [52339] FreeBSD Ports: apache+mod_ssl
6014| [52331] FreeBSD Ports: apache
6015| [52329] FreeBSD Ports: ru-apache+mod_ssl
6016| [52314] FreeBSD Ports: apache
6017| [52310] FreeBSD Ports: apache
6018| [15588] Detect Apache HTTPS
6019| [15555] Apache mod_proxy content-length buffer overflow
6020| [15554] Apache mod_include priviledge escalation
6021| [14771] Apache <= 1.3.33 htpasswd local overflow
6022| [14177] Apache mod_access rule bypass
6023| [13644] Apache mod_rootme Backdoor
6024| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
6025| [12280] Apache Connection Blocking Denial of Service
6026| [12239] Apache Error Log Escape Sequence Injection
6027| [12123] Apache Tomcat source.jsp malformed request information disclosure
6028| [12085] Apache Tomcat servlet/JSP container default files
6029| [11438] Apache Tomcat Directory Listing and File disclosure
6030| [11204] Apache Tomcat Default Accounts
6031| [11092] Apache 2.0.39 Win32 directory traversal
6032| [11046] Apache Tomcat TroubleShooter Servlet Installed
6033| [11042] Apache Tomcat DOS Device Name XSS
6034| [11041] Apache Tomcat /servlet Cross Site Scripting
6035| [10938] Apache Remote Command Execution via .bat files
6036| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
6037| [10773] MacOS X Finder reveals contents of Apache Web files
6038| [10766] Apache UserDir Sensitive Information Disclosure
6039| [10756] MacOS X Finder reveals contents of Apache Web directories
6040| [10752] Apache Auth Module SQL Insertion Attack
6041| [10704] Apache Directory Listing
6042| [10678] Apache /server-info accessible
6043| [10677] Apache /server-status accessible
6044| [10440] Check for Apache Multiple / vulnerability
6045|
6046| SecurityTracker - https://www.securitytracker.com:
6047| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
6048| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
6049| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
6050| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
6051| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
6052| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
6053| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
6054| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
6055| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
6056| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
6057| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
6058| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
6059| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
6060| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
6061| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
6062| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
6063| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
6064| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
6065| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
6066| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
6067| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
6068| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
6069| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
6070| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
6071| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
6072| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
6073| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
6074| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
6075| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
6076| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
6077| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
6078| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
6079| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
6080| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
6081| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
6082| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
6083| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
6084| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
6085| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
6086| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
6087| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
6088| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
6089| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
6090| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
6091| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
6092| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
6093| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
6094| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
6095| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
6096| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
6097| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
6098| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
6099| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
6100| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
6101| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
6102| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
6103| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
6104| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
6105| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
6106| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
6107| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
6108| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
6109| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
6110| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
6111| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
6112| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
6113| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
6114| [1024096] Apache mod_proxy_http May Return Results for a Different Request
6115| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
6116| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
6117| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
6118| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
6119| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
6120| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
6121| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
6122| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
6123| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypass By Local Users
6124| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
6125| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
6126| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
6127| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
6128| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
6129| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
6130| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
6131| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
6132| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
6133| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
6134| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
6135| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
6136| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
6137| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
6138| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
6139| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
6140| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
6141| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
6142| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
6143| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
6144| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
6145| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
6146| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
6147| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
6148| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
6149| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
6150| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
6151| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
6152| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
6153| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
6154| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
6155| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
6156| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
6157| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
6158| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
6159| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
6160| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
6161| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
6162| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
6163| [1011557] Apache mod_ssl SSLCipherSuite Directive Can By Bypassed in Certain Cases
6164| [1011385] Apache Satsify Directive Error May Let Remote Users Access Restricted Resources
6165| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
6166| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
6167| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
6168| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
6169| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
6170| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
6171| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
6172| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
6173| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
6174| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
6175| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
6176| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
6177| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
6178| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
6179| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
6180| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
6181| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
6182| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
6183| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
6184| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
6185| [1008920] Apache mod_digest May Validate Replayed Client Responses
6186| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
6187| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
6188| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
6189| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
6190| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
6191| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
6192| [1008030] Apache mod_rewrite Contains a Buffer Overflow
6193| [1008029] Apache mod_alias Contains a Buffer Overflow
6194| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
6195| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
6196| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
6197| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
6198| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
6199| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
6200| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
6201| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
6202| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
6203| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
6204| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
6205| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
6206| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
6207| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitary Code
6208| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Faciliate Denial of Service Attacks
6209| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
6210| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
6211| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
6212| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
6213| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
6214| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
6215| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
6216| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
6217| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
6218| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
6219| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
6220| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
6221| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
6222| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
6223| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
6224| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
6225| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
6226| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
6227| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
6228| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
6229| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
6230| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
6231| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overlow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
6232| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
6233| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
6234| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
6235| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
6236| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
6237| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
6238| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
6239| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
6240| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
6241| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
6242| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
6243| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
6244| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
6245| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
6246| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
6247| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
6248| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
6249| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
6250|
| OSVDB - http://www.osvdb.org:
| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
| [96077] Apache CloudStack Global Settings Multiple Field XSS
| [96076] Apache CloudStack Instances Menu Display Name Field XSS
| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
| [95599] Apache Continuumweb/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
| [94279] Apache Qpid CA Certificate Validation Bypass
| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
| [94042] Apache Axis JAX-WS Java Unspecified Exposure
| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote Remote DoS
| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
| [93541] Apache Solr json.wrf Callback XSS
| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
| [93521] Apache jUDDI Security API Token Session Persistence Weakness
| [93520] Apache CloudStack Default SSL Key Weakness
| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
| [93515] Apache HBase table.jsp name Parameter XSS
| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
| [93252] Apache Tomcat FORM Authenticator Session Fixation
| [93172] Apache Camel camel/endpoints/ Endpoint XSS
| [93171] Apache Sling HtmlResponse Error Message XSS
| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
| [93168] Apache Click ErrorReport.java id Parameter XSS
| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
| [93144] Apache Solr Admin Command Execution CSRF
| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
| [92748] Apache CloudStack VM Console Access Restriction Bypass
| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
| [92706] Apache ActiveMQ Debug Log Rendering XSS
| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
| [92270] Apache Tomcat Unspecified CSRF
| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
| [88095] Apache Tomcat NIO Connector Terminated Connection Infinte Loop DoS
| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
| [88093] Apache Tomcat Null Session Requst CSRF Prevention Filter Bypass
| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
| [86901] Apache Tomcat Error Message Path Disclosure
| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
| [85430] Apache mod_pagespeed Module Unspecified XSS
| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
| [85249] Apache Wicket Unspecified XSS
| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
6627| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
6628| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
6629| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
6630| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
6631| [60678] Apache Roller Comment Email Notification Manipulation DoS
6632| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
| [54589] Apache Jserv Nonexistent JSP Request XSS
| [54122] Apache Struts s:a / s:url Tag href Element XSS
| [54093] Apache ActiveMQ Web Console JMS Message XSS
| [53932] Apache Geronimo Multiple Admin Function CSRF
| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
| [53930] Apache Geronimo /console/portal/ URI XSS
| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
| [53380] Apache Struts Unspecified XSS
| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
| [51151] Apache Roller Search Function q Parameter XSS
| [50482] PHP with Apache php_value Order Unspecified Issue
| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
| [47096] Oracle Weblogic Apache Connector POST Request Overflow
| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
| [43452] Apache Tomcat HTTP Request Smuggling
| [43309] Apache Geronimo LoginModule Login Method Bypass
| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
| [42091] Apache Maven Site Plugin Installation Permission Weakness
| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
| [40262] Apache HTTP Server mod_status refresh XSS
| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
| [36080] Apache Tomcat JSP Examples Crafted URI XSS
| [36079] Apache Tomcat Manager Uploaded Filename XSS
| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
| [34881] Apache Tomcat Malformed Accept-Language Header XSS
| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
| [32724] Apache mod_python _filter_read Freed Memory Disclosure
| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
| [24365] Apache Struts Multiple Function Error Message XSS
| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
| [22459] Apache Geronimo Error Page XSS
| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
| [21021] Apache Struts Error Message XSS
| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
| [20439] Apache Tomcat Directory Listing Saturation DoS
| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
| [20285] Apache HTTP Server Log File Control Character Injection
| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
7017| [19821] Apache Tomcat Malformed Post Request Information Disclosure
7018| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
7019| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
7020| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
7021| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
7022| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
7023| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
7024| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
7025| [18233] Apache HTTP Server htdigest user Variable Overfow
7026| [17738] Apache HTTP Server HTTP Request Smuggling
7027| [16586] Apache HTTP Server Win32 GET Overflow DoS
7028| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
7029| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
7030| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
7031| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
7032| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
7033| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
7034| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
7035| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
7036| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
7037| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
7038| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
7039| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
7040| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
7041| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
7042| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
7043| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
7044| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
7045| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
7046| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
7047| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
7048| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
7049| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
7050| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
7051| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
7052| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
7053| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
7054| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
7055| [13304] Apache Tomcat realPath.jsp Path Disclosure
7056| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
7057| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
7058| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
7059| [12848] Apache HTTP Server htdigest realm Variable Overflow
7060| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
7061| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
7062| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
7063| [12557] Apache HTTP Server prefork MPM accept Error DoS
7064| [12233] Apache Tomcat MS-DOS Device Name Request DoS
7065| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
7066| [12231] Apache Tomcat web.xml Arbitrary File Access
7067| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
7068| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
7069| [12178] Apache Jakarta Lucene results.jsp XSS
7070| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
7071| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
7072| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
7073| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
7074| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
7075| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
7076| [10471] Apache Xerces-C++ XML Parser DoS
7077| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
7078| [10068] Apache HTTP Server htpasswd Local Overflow
7079| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
7080| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
7081| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
7082| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
7083| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
7084| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
7085| [9717] Apache HTTP Server mod_cookies Cookie Overflow
7086| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
7087| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
7088| [9714] Apache Authentication Module Threaded MPM DoS
7089| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
7090| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
7091| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
7092| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
7093| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
7094| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
7095| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
7096| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
7097| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
7098| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
7099| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
7100| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
7101| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
7102| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
7103| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
7104| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
7105| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
7106| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
7107| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
7108| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
7109| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
7110| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
7111| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
7112| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
7113| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
7114| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
7115| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
7116| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
7117| [9208] Apache Tomcat .jsp Encoded Newline XSS
7118| [9204] Apache Tomcat ROOT Application XSS
7119| [9203] Apache Tomcat examples Application XSS
7120| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
7121| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
7122| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
7123| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
7124| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
7125| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
7126| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
7127| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
7128| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
7129| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
7130| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
7131| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
7132| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
7133| [7611] Apache HTTP Server mod_alias Local Overflow
7134| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
7135| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
7136| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
7137| [6882] Apache mod_python Malformed Query String Variant DoS
7138| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
7139| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
7140| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
7141| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
7142| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
7143| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
7144| [5526] Apache Tomcat Long .JSP URI Path Disclosure
7145| [5278] Apache Tomcat web.xml Restriction Bypass
7146| [5051] Apache Tomcat Null Character DoS
7147| [4973] Apache Tomcat servlet Mapping XSS
7148| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
7149| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
7150| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
7151| [4568] mod_survey For Apache ENV Tags SQL Injection
7152| [4553] Apache HTTP Server ApacheBench Overflow DoS
7153| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
7154| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
7155| [4383] Apache HTTP Server Socket Race Condition DoS
7156| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
7157| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
7158| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
7159| [4231] Apache Cocoon Error Page Server Path Disclosure
7160| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
7161| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
7162| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
7163| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
7164| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
7165| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
7166| [3322] mod_php for Apache HTTP Server Process Hijack
7167| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
7168| [2885] Apache mod_python Malformed Query String DoS
7169| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
7170| [2733] Apache HTTP Server mod_rewrite Local Overflow
7171| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
7172| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
7173| [2149] Apache::Gallery Privilege Escalation
7174| [2107] Apache HTTP Server mod_ssl Host: Header XSS
7175| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
7176| [1833] Apache HTTP Server Multiple Slash GET Request DoS
7177| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
7178| [872] Apache Tomcat Multiple Default Accounts
7179| [862] Apache HTTP Server SSI Error Page XSS
7180| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
7181| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
7182| [845] Apache Tomcat MSDOS Device XSS
7183| [844] Apache Tomcat Java Servlet Error Page XSS
7184| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
7185| [838] Apache HTTP Server Chunked Encoding Remote Overflow
7186| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
7187| [775] Apache mod_python Module Importing Privilege Function Execution
7188| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
7189| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
7190| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
7191| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
7192| [637] Apache HTTP Server UserDir Directive Username Enumeration
7193| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
7194| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
7195| [562] Apache HTTP Server mod_info /server-info Information Disclosure
7196| [561] Apache Web Servers mod_status /server-status Information Disclosure
7197| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
7198| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
7199| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
7200| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
7201| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
7202| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
7203| [376] Apache Tomcat contextAdmin Arbitrary File Access
7204| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
7205| [222] Apache HTTP Server test-cgi Arbitrary File Access
7206| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
7207| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: WAP|general purpose
Running (JUST GUESSING): Linux 2.6.X|2.4.X (88%)
OS CPE: cpe:/o:linux:linux_kernel:2.6.22 cpe:/o:linux:linux_kernel:2.4.18 cpe:/o:linux:linux_kernel:2.4
Aggressive OS guesses: OpenWrt Kamikaze 7.09 (Linux 2.6.22) (88%), Linux 2.4.18 (86%), OpenWrt 0.9 - 7.09 (Linux 2.4.30 - 2.4.34) (85%), OpenWrt White Russian 0.9 (Linux 2.4.30) (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 14 hops

TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 191.07 ms 10.248.200.1
2 192.24 ms 213.184.122.97
3 207.09 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4 208.12 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
5 208.17 ms bzq-179-124-230.cust.bezeqint.net (212.179.124.230)
6 272.61 ms ae3.cr6-mrs1.ip4.gtt.net (141.136.96.141)
7 272.22 ms et-0-0-29.cr5-mrs1.ip4.gtt.net (213.200.118.202)
8 285.59 ms 4.68.144.161
9 317.36 ms 212.73.201.66
10 321.45 ms 10.188.195.77
11 301.00 ms 10.188.193.44
12 393.66 ms 10.188.193.19
13 358.16 ms 94.97.246.67
14 361.87 ms 94.97.248.201
#######################################################################################################################################
https://94.97.248.201 [200 OK] Apache, Content-Language[ar], Cookies[LIPICINX], Country[SAUDI ARABIA][SA], Drupal, HTML5, HTTPServer[Apache], IP[94.97.248.201], JQuery[1.10.2,3.3.1], Script[text/javascript], Strict-Transport-Security[max-age=63072000; includeSubDomains], Title[وزارة العمل والتنمية الاجتماعية], UncommonHeaders[x-drupal-cache,x-content-type-options], X-Frame-Options[SameOrigin], X-UA-Compatible[IE=edge], X-XSS-Protection[1; mode=block]
#######################################################################################################################################
Version: 1.11.13-static
OpenSSL 1.0.2-chacha (1.0.2g-dev)

Connected to 94.97.248.201

Testing SSL server 94.97.248.201 on port 443 using SNI name 94.97.248.201

 TLS Fallback SCSV:
Server supports TLS Fallback SCSV

 TLS renegotiation:
Session renegotiation not supported

 TLS Compression:
Compression disabled

 Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

 Supported Server Cipher(s):
Preferred TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 128 bits AES128-SHA256
Accepted TLSv1.2 256 bits AES256-SHA256
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 128 bits AES128-SHA

 SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048

Subject: mlsd.gov.sa
Altnames: DNS:mlsd.gov.sa, DNS:www.mlsd.gov.sa, DNS:sd.mlsd.gov.sa
Issuer: Thawte RSA CA 2018

Not valid before: May 8 00:00:00 2019 GMT
Not valid after: May 7 12:00:00 2020 GMT
########################################################################################################################################
+----------+-----------------------------------------------------------------------------+--------------------------------------------------------+----------+----------+
| App Name | URL to Application | Potential Exploit | Username | Password |
+----------+-----------------------------------------------------------------------------+--------------------------------------------------------+----------+----------+
| FreePBX | https://94.97.248.201:443/admin/admin/config.php?type=setup&display=general | https://www.exploit-db.com/search/?description=freepbx | | |
--------------------------------------------------------------------------------------------------------------------------------------
###########################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-06 14:00 EDT
NSE: Loaded 45 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:00
Completed NSE at 14:00, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:00
Completed NSE at 14:00, 0.00s elapsed
Initiating Ping Scan at 14:00
Scanning 94.97.248.201 [4 ports]
Completed Ping Scan at 14:00, 0.46s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:00
Completed Parallel DNS resolution of 1 host. at 14:00, 0.02s elapsed
Initiating Connect Scan at 14:00
Scanning 94.97.248.201 [65535 ports]
Discovered open port 80/tcp on 94.97.248.201
Discovered open port 443/tcp on 94.97.248.201
Completed Connect Scan at 14:13, 789.88s elapsed (65535 total ports)
Initiating Service scan at 14:13
Scanning 2 services on 94.97.248.201
Completed Service scan at 14:15, 128.81s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against 94.97.248.201
Retrying OS detection (try #2) against 94.97.248.201
Initiating Traceroute at 14:15
Completed Traceroute at 14:15, 3.02s elapsed
Initiating Parallel DNS resolution of 13 hosts. at 14:15
Completed Parallel DNS resolution of 13 hosts. at 14:15, 0.36s elapsed
NSE: Script scanning 94.97.248.201.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:15
Completed NSE at 14:16, 8.48s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:16
Completed NSE at 14:16, 0.00s elapsed
Nmap scan report for 94.97.248.201
Host is up, received reset ttl 241 (0.28s latency).
Scanned at 2019-08-06 14:00:25 EDT for 939s
Not shown: 64188 filtered ports, 1345 closed ports
Reason: 64188 no-responses and 1345 conn-refused
PORT STATE SERVICE REASON VERSION
80/tcp open http syn-ack
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 302 Found
| Location: https:///nice%20ports%2C/Tri%6Eity.txt%2ebak
| Connection: close
| GetRequest, HTTPOptions:
| HTTP/1.1 302 Found
| Location: https:///
|_ Connection: close
443/tcp open ssl/http syn-ack Apache httpd
|_http-server-header: Apache
| vulscan: VulDB - https://vuldb.com:
7358| [135270] Apache JSPWiki up to 2.11.0.M3 Plugin Link cross site scripting
7359| [135269] Apache JSPWiki up to 2.11.0.M3 InterWiki Link cross site scripting
7360| [135268] Apache JSPWiki up to 2.11.0.M3 Attachment cross site scripting
7361| [134527] Apache Karaf up to 4.2.4 Config Service directory traversal
7362| [134416] Apache Sanselan 0.97-incubator Loop denial of service
7363| [134415] Apache Sanselan 0.97-incubator Hang denial of service
7364| [134291] Apache Axis up to 1.7.8 Server-Side Request Forgery
7365| [134290] Apache UIMA DUCC up to 2.2.2 cross site scripting
7366| [134248] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
7367| [134247] Apache Archiva up to 2.2.3 Artifact Upload directory traversal
7368| [134246] Apache Camel up to 2.19/2.21.3/2.22.2/2.23.0 directory traversal
7369| [134138] Apache Pluto 3.0.0/3.0.1 Chat Room Demo Portlet cross site scripting
7370| [133992] Apache Qpid Proton up to 0.27.0 Certificate Validation Man-in-the-Middle weak authentication
7371| [133977] Apache Zeppelin up to 0.7.x Stored cross site scripting
7372| [133976] Apache Zeppelin up to 0.7.x Cron Scheduler privilege escalation
7373| [133975] Apache Zeppelin up to 0.7.2 Session Fixation weak authentication
7374| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
7375| [133750] Oracle Agile Recipe Management for Pharmaceuticals 9.3.3/9.3.4 Apache Commons FileUpload unknown vulnerability
7376| [133728] Oracle Retail Xstore Point of Service 7.0/7.1 Apache HTTP Server denial of service
7377| [133644] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
7378| [133643] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache HTTP Server denial of service
7379| [133640] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Commons FileUpload unknown vulnerability
7380| [133638] Oracle Healthcare Master Person Index 3.0/4.0 Apache Commons FileUpload unknown vulnerability
7381| [133614] Oracle Data Integrator 12.2.1.3.0 Apache Batik unknown vulnerability
7382| [133594] Oracle WebCenter Portal 12.2.1.3.0 Apache Commons FileUpload unknown vulnerability
7383| [133591] Oracle JDeveloper 11.1.1.9.0/12.1.3.0.0/12.2.1.3.0 Apache Log4j unknown vulnerability
7384| [133590] Oracle Identity Analytics 11.1.1.5.8 Apache Commons FileUpload unknown vulnerability
7385| [133588] Oracle Endeca Information Discovery Integrator 3.2.0 Apache Commons FileUpload unknown vulnerability
7386| [133587] Oracle Data Integrator 11.1.1.9.0 Apache Groovy unknown vulnerability
7387| [133585] Oracle API Gateway 11.1.2.4.0 Apache Commons FileUpload unknown vulnerability
7388| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
7389| [133571] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache Commons FileUpload unknown vulnerability
7390| [133522] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache Tomcat unknown vulnerability
7391| [133520] Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache HTTP Server denial of service
7392| [133518] Oracle Primavera Unifier up to 18.8 Apache Commons FileUpload unknown vulnerability
7393| [133508] Oracle Communications Instant Messaging Server 10.0.1 Apache Tomcat unknown vulnerability
7394| [133501] Oracle Communications Policy Management 12.1/12.2/12.3/12.4 Apache Struts 1 unknown vulnerability
7395| [133500] Oracle Communications Application Session Controller 3.7.1/3.8.0 Apache Tomcat unknown vulnerability
7396| [133493] Oracle Communications Pricing Design Center 11.1/12.0 Apache Log4j unknown vulnerability
7397| [133407] Apache Tomcat up to 7.0.93/8.5.39/9.0.17 on Windows JRE Command Line Argument Code Execution
7398| [133315] Apache Airflow up to 1.10.2 HTTP Endpoint cross site request forgery
7399| [133314] Apache Airflow up to 1.10.2 Metadata Database cross site scripting
7400| [133290] Apache Tomcat up to 8.5.37/9.0.14 HTTP2 Stream Execution denial of service
7401| [133112] Apache HTTP Server up to 2.4.38 mod_auth_digest race condition privilege escalation
7402| [133111] Apache HTTP Server 2.4.37/2.4.38 mod_ssl Bypass privilege escalation
7403| [133092] Airsonic 10.2.1 org.apache.commons.lang.RandomStringUtils RecoverController.java java.util.Random weak authentication
7404| [132568] Apache JSPWiki up to 2.11.0.M2 URL User information disclosure
7405| [132567] Apache JSPWiki up to 2.11.0.M2 URL cross site scripting
7406| [132566] Apache ActiveMQ up to 5.15.8 MQTT Frame Memory denial of service
7407| [132565] Apache HBase up to 2.1.3 REST Server Request privilege escalation
7408| [132183] Apache Mesos up to pre-1.4.x Docker Image Code Execution
7409| [131988] Apache Karaf up to 4.2.2 kar Deployer directory traversal
7410| [131859] Apache Hadoop up to 2.9.1 privilege escalation
7411| [131479] Apache Solr up to 7.6 HTTP GET Request Server-Side Request Forgery
7412| [131446] Apache Solr up to 5.0.5/6.6.5 Config API HTTP POST Request Code Execution
7413| [131385] Apache Qpid Broker-J up to 6.x/7.0.6/7.1.0 AMQP Command Crash denial of service
7414| [131315] Apache Mesos up to pre-1.4.x Mesos Masters Rendering JSON Payload Recursion denial of service
7415| [131236] Apache Airflow up to 1.10.1 Metadata Database cross site scripting
7416| [130755] Apache JSPWiki up to 2.10.5 URL cross site scripting
7417| [130629] Apache Guacamole Cookie Flag weak encryption
7418| [130628] Apache Hadoop up to 3.0.0 HDFS information disclosure
7419| [130529] Apache Subversion 1.10.0/1.10.1/1.10.2/1.10.3/1.11.0 mod_dav_svn Directory Crash denial of service
7420| [130353] Apache Open Office up to 4.1.5 Document Loader String memory corruption
7421| [130341] Apache HTTP Server 2.4.37 mod_ssl Loop denial of service
| [130330] Apache HTTP Server up to 2.4.37 mod_session Expired privilege escalation
| [130329] Apache HTTP Server 2.4.37 mod_http2 Slowloris denial of service
| [130212] Apache Airflow up to 1.10.0 LDAP Auth Backend Certificate weak authentication
| [130123] Apache Airflow up to 1.8.2 information disclosure
| [130122] Apache Airflow up to 1.8.2 command injection cross site request forgery
| [130121] Apache Airflow up to 1.8.2 Webserver Object Code Execution
| [129717] Oracle Secure Global Desktop 5.4 Apache HTTP Server denial of service
| [129688] Oracle Tape Library ACSLS 8.4 Apache Log4j unknown vulnerability
| [129673] Oracle Retail Returns Management 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129672] Oracle Retail Central Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129671] Oracle Retail Back Office 13.3/13.4/14.0/14.1 Apache Commons Fileupload unknown vulnerability
| [129574] Oracle Outside In Technology 8.5.3/8.5.4 Apache Tomcat denial of service
| [129573] Oracle WebLogic Server 10.3.6.0 Apache HTTP Server denial of service
| [129563] Oracle Enterprise Repository 12.1.3.0.0 Apache Log4j unknown vulnerability
| [129555] Oracle Outside In Technology 8.5.3 Apache Batik denial of service
| [129551] Oracle Outside In Technology 8.5.3/8.5.4 Apache Commons FileUpload denial of service
| [129542] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [129538] Oracle SOA Suite 12.1.3.0.0/12.2.1.3.0 Apache Batik unknown vulnerability
| [129519] Oracle Enterprise Manager Ops Center 12.2.2/12.3.3 Apache ActiveMQ unknown vulnerability
| [129508] Oracle Applications Manager up to 12.2.8 Apache Derby unknown vulnerability
| [129507] Oracle Mobile Field Service up to 12.2.8 Apache Log4j unknown vulnerability
| [129505] Oracle Email Center up to 12.2.8 Apache Log4j unknown vulnerability
| [129504] Oracle CRM Technical Foundation up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129499] Oracle Partner Management up to 12.2.8 Apache Log4j unknown vulnerability
| [129498] Oracle Marketing up to 12.2.8 Apache Commons FileUpload unknown vulnerability
| [129480] Oracle Communications WebRTC Session Controller up to 7.1 Apache Batik unknown vulnerability
| [129479] Oracle Communications Diameter Signaling Router up to 8.2 Apache Batik unknown vulnerability
| [129474] Oracle Communications Diameter Signaling Router up to 8.2 Apache HTTP Server information disclosure
| [129472] Oracle Communications WebRTC Session Controller up to 7.1 Apache Struts 1 unknown vulnerability
| [129470] Oracle Communications Converged Application Server up to 7.0.0.0 Apache Struts 1 unknown vulnerability
| [129463] Oracle Communications WebRTC Session Controller up to 7.1 Apache Log4j unknown vulnerability
| [129461] Oracle Communications Services Gatekeeper up to 6.1.0.3.x Apache Commons Collections Fileupload unknown vulnerability
| [129460] Oracle Communications Service Broker 6.0 Apache Log4j unknown vulnerability
| [129459] Oracle Communications Policy Management up to 12.4 Apache Struts 2 unknown vulnerability
| [129458] Oracle Communications Online Mediation Controller 6.1 Apache Log4j unknown vulnerability
| [129457] Oracle Communications Diameter Signaling Router up to 8.2 Apache Commons Fileupload unknown vulnerability
| [129456] Oracle Communications Converged Application Server 6.1 Apache Log4j unknown vulnerability
| [128714] Apache Thrift Java Client Library up to 0.11.0 SASL Negotiation org.apache.thrift.transport.TSaslTransport unknown vulnerability
| [128713] Apache Thrift Node.js Static Web Server up to 0.11.0 directory traversal
| [128709] Apache Karaf up to 4.1.6/4.2.1 Features Deployer XMLInputFactory XML External Entity
| [128575] Apache NetBeans 9.0 Proxy Auto-Config Code Execution
| [128369] Apache Tika 1.8-1.19.1 SQLite3Parser Loop sql injection
| [128111] Apache NiFi 1.8.0 Template Upload Man-in-the-Middle cross site request forgery
| [128110] Apache NiFi 1.8.0 Cluster Request privilege escalation
| [128109] Apache NiFi 1.8.0 Error Page message-page.jsp Request Header cross site scripting
| [128108] Apache NiFi up to 1.7.x X-Frame-Options Header privilege escalation
| [128102] Apache Oozie up to 5.0.0 Workflow XML Impersonation spoofing
| [127994] WordPress up to 5.0.0 on Apache httpd MIME Restriction cross site scripting
| [127981] Apache OFBiz 16.11.01/16.11.02/16.11.03/16.11.04 HTTP Engine httpService GET Request privilege escalation
| [127161] Apache Hadoop 2.7.4/2.7.5/2.7.6 Incomplete Fix CVE-2016-6811 privilege escalation
| [127040] Loadbalancer.org Enterprise VA MAX up to 8.3.2 Apache HTTP Server Log cross site scripting
| [127007] Apache Spark Request Code Execution
| [126791] Apache Hadoop up to 0.23.11/2.7.6/2.8.4/2.9.1/3.0.2 ZIP File unknown vulnerability
| [126767] Apache Qpid Proton-J Transport 0.3 Certificate Verification Man-in-the-Middle weak authentication
| [126896] Apache Commons FileUpload 1.3.3 on LDAP Manager DiskFileItem File privilege escalation
| [126574] Apache Hive up to 2.3.3/3.1.0 Query privilege escalation
| [126573] Apache Hive up to 2.3.3/3.1.0 HiveServer2 privilege escalation
| [126564] Apache Superset up to 0.22 Pickle Library load Code Execution
| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
| [126346] Apache Tomcat Path privilege escalation
| [125922] Apache Impala up to 3.0.0 ALTER privilege escalation
| [125921] Apache Impala up to 3.0.0 Queue Injection privilege escalation
| [125647] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Install (Apache Tomcat) information disclosure
| [125617] Oracle Retail Returns Management 14.1 Apache Batik unknown vulnerability
| [125616] Oracle Retail Point-of-Service 13.4/14.0/14.1 Apache Batik unknown vulnerability
| [125614] Oracle Retail Central Office 14.1 Apache Batik unknown vulnerability
| [125613] Oracle Retail Back Office 13.3/13.4/14/14.1 Apache Batik unknown vulnerability
| [125599] Oracle Retail Open Commerce Platform 5.3.0/6.0.0/6.0.1 Apache Log4j unknown vulnerability
| [125569] Oracle PeopleSoft Enterprise PeopleTools 8.55/8.56 Apache HTTP Server information disclosure
| [125494] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat information disclosure
| [125447] Oracle Business Intelligence Enterprise Edition 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Batik unknown vulnerability
| [125428] Oracle Identity Management Suite 11.1.2.3.0/12.2.1.3.0 Apache Log4j unknown vulnerability
| [125427] Oracle Identity Analytics 11.1.1.5.8 Apache Log4j unknown vulnerability
| [125424] Oracle API Gateway 11.1.2.4.0 Apache Log4j unknown vulnerability
| [125423] Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Apache Log4j unknown vulnerability
| [125383] Oracle up to 10.2.0 Apache Trinidad unknown vulnerability
| [125379] Oracle up to 10.1.x Apache Struts 1 cross site scripting
| [125377] Oracle up to 10.2.0 Apache Commons Collections unknown vulnerability
| [125376] Oracle Communications Application Session Controller up to 3.7.0 Apache Commons Collections unknown vulnerability
| [125375] Oracle Communications User Data Repository up to 12.1.x Apache Xerces memory corruption
| [125248] Apache ActiveMQ up to 5.15.5 Web-based Administration Console queue.jsp Parameter cross site scripting
| [125133] Apache Tika up to 1.19 XML Parser reset() denial of service
| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
| [124876] Apache Ranger up to 1.1.x UnixAuthenticationService Stack-based memory corruption
| [124791] Apache Tomcat up to 7.0.90/8.5.33/9.0.11 URL Open Redirect
| [124787] Apache Pony Mail 0.7/0.8/0.9 Statistics Generator Timestamp Data information disclosure
| [124447] Apache HTTP Server up to 2.4.34 SETTINGS Frame denial of service
| [124346] Apache Mesos pre-1.4.2/1.5.0/1.5.1/1.6.0 on Executor HTTP API String Comparison validation JSON Web Token information disclosure
| [124286] Apache Tika up to 1.18 IptcAnpaParser Loop denial of service
| [124242] Apache Tika up to 0.18 C:/evil.bat" Directory unknown vulnerability
| [124241] Apache Tika up to 0.18 XML Parser Entity Expansion denial of service
| [124191] Apache Karaf up to 3.0.8/4.0.8/4.1.0 WebConsole .../gogo/ weak authentication
| [124190] Apache Karaf up to 4.1.x sshd privilege escalation
| [124152] Apache Camel Mail up to 2.22.0 Path directory traversal
| [124143] Apache SpamAssassin up to 3.4.1 PDFInfo Plugin Code Execution
| [124134] Apache SpamAssassin up to 3.4.1 Scan Engine HTML::Parser Email denial of service
| [124095] PHP up to 5.6.37/7.0.31/7.1.21/7.2.9 Apache2 sapi_apache2.c php_handler cross site scripting
| [124024] Apache Mesos 1.4.x/1.5.0 libprocess JSON Payload denial of service
| [123814] Apache ActiveMQ Client up to 5.15.5 TLS Hostname Verification Man-in-the-Middle weak authentication
| [123393] Apache Traffic Server up to 6.2.2/7.1.3 ESI Plugin Config privilege escalation
| [123392] Apache Traffic Server 6.2.2 TLS Handshake Segmentation Fault denial of service
| [123391] Apache Traffic Server up to 6.2.2/7.1.3 Range Request Performance denial of service
| [123390] Apache Traffic Server up to 6.2.2/7.1.3 Request HTTP Smuggling privilege escalation
| [123369] Apache Traffic Server up to 6.2.2/7.1.3 ACL remap.config Request denial of service
| [123197] Apache Sentry up to 2.0.0 privilege escalation
| [123145] Apache Struts up to 2.3.34/2.5.16 Namespace Code Execution
| [123144] Apache Cayenne up to 4.1.M1 CayenneModeler XML File File Transfer privilege escalation
| [122981] Apache Commons Compress 1.7 ZipArchiveInputStream ZIP Archive denial of service
| [122889] Apache HTTP Server up to 2.2.31/2.4.23 mod_userdir HTTP Response Splitting privilege escalation
| [122800] Apache Spark 1.3.0 REST API weak authentication
| [122642] Apache Airflow up to 1.8.x 404 Page Reflected cross site scripting
| [122568] Apache Tomcat up to 8.5.31/9.0.9 Connection Reuse weak authentication
| [122567] Apache Axis 1.0./1.1/1.2/1.3/1.4 cross site scripting
| [122556] Apache Tomcat up to 7.0.86/8.0.51/8.5.30/9.0.7 UTF-8 Decoder Loop denial of service
| [122531] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.9 WebSocket Client unknown vulnerability
| [122456] Apache Camel up to 2.20.3/2.21.0 XSD Validator XML External Entity
| [122455] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Revoked Certificate weak authentication
| [122454] Apache Tomcat Native up to 1.1.34/1.2.16 OSCP Responder Revoked Certificate weak authentication
| [122214] Apache Kafka up to 0.9.0.1/0.10.2.1/0.11.0.2/1.0.0 Broker Request Data Loss denial of service
| [122202] Apache Kafka up to 0.10.2.1/0.11.0.1 SASL Impersonation spoofing
| [122101] Docker Skeleton Runtime for Apache OpenWhisk Docker Action dockerskeleton:1.3.0 privilege escalation
| [122100] PHP Runtime for Apache OpenWhisk Docker Action action-php-v7.2:1.0.0 privilege escalation
| [122012] Apache Ignite up to 2.5 Serialization privilege escalation
| [121911] Apache Ambari up to 2.5.x/2.6.2 Log Message Credentials information disclosure
| [121910] Apache HTTP Server 2.4.33 mod_md HTTP Requests denial of service
| [121854] Oracle Tape Library ACSLS up to ACSLS 8.4.0-2 Apache Commons Collections unknown vulnerability
| [121752] Oracle Insurance Policy Administration 10.0/10.1/10.2/11.0 Apache Log4j unknown vulnerability
| [121370] Apache Spark up to 2.1.2/2.2.1/2.3.0 URL cross site scripting
| [121354] Apache CouchDB HTTP API Code Execution
| [121144] Apache LDAP API up to 1.0.1 SSL Filter information disclosure
| [121143] Apache storm up to 0.10.2/1.0.6/1.1.2/1.2.1 Cluster privilege escalation
| [120436] Apache CXF Fediz up to 1.4.3 Application Plugin unknown vulnerability
| [120310] Apache PDFbox up to 1.8.14/2.0.10 AFMParser Loop denial of service
| [120168] Apache CXF weak authentication
| [120080] Apache Cassandra up to 3.11.1 JMX/RMI Interface RMI Request privilege escalation
| [120043] Apache HBase up to 1.2.6.0/1.3.2.0/1.4.4/2.0.0 Thrift 1 API Server weak authentication
| [119723] Apache Qpid Broker-J 7.0.0/7.0.1/7.0.2/7.0.3/7.0.4 AMQP Messages Crash denial of service
| [122569] Apache HTTP Server up to 2.4.33 HTTP2 Request denial of service
| [119486] Apache Geode up to 1.4.0 Security Manager Code Execution
| [119306] Apache MXNet Network Interface privilege escalation
| [118999] Apache Storm up to 1.0.6/1.1.2/1.2.1 Archive directory traversal
| [118996] Apache Storm up to 1.0.6/1.1.2/1.2.1 Daemon spoofing
| [118644] Apple macOS up to 10.13.5 apache_mod_php unknown vulnerability
| [118200] Apache Batik up to 1.9 Deserialization unknown vulnerability
| [118143] Apache NiFi activemq-client Library Deserialization denial of service
| [118142] Apache NiFi 1.6.0 SplitXML xxe privilege escalation
| [118051] Apache Zookeeper up to 3.4.9/3.5.3-beta weak authentication
| [117997] Apache ORC up to 1.4.3 ORC File Recursion denial of service
| [117825] Apache Tomcat up to 7.0.88/8.0.52/8.5.31/9.0.8 CORS Filter privilege escalation
| [117405] Apache Derby up to 10.14.1.0 Network Server Network Packet privilege escalation
| [117347] Apache Ambari up to 2.6.1 HTTP Request directory traversal
| [117265] LibreOffice/Apache Office Writer SMB Connection XML Document information disclosure
| [117143] Apache uimaj/uima-as/uimaFIT/uimaDUCC XML XXE information disclosure
| [117117] Apache Tika up to 1.17 ChmParser Loop denial of service
| [117116] Apache Tika up to 1.17 BPGParser Loop denial of service
| [117115] Apache Tika up to 1.17 tika-server command injection
| [116929] Apache Fineract getReportType Parameter privilege escalation
| [116928] Apache Fineract REST Endpoint Parameter privilege escalation
| [116927] Apache Fineract MakercheckersApiResource Parameter sql injection
| [116926] Apache Fineract REST Hand Parameter privilege escalation
| [116574] Apache wicket-jquery-ui up to 6.29.0/7.10.1/8.0.0-M9.1 WYSIWYG Editor privilege escalation
| [116622] Oracle Enterprise Manager for MySQL Database 12.1.0.4 EM Plugin: General (Apache Tomcat) unknown vulnerability
| [115931] Apache Solr up to 6.6.2/7.2.1 XML Data Parameter XML External Entity
| [115883] Apache Hive up to 2.3.2 privilege escalation
| [115882] Apache Hive up to 2.3.2 xpath_short information disclosure
| [115881] Apache DriverHive JDBC Driver up to 2.3.2 Escape Argument Bypass privilege escalation
| [115518] Apache Ignite 2.3 Deserialization privilege escalation
| [115260] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache cross site scripting
| [115259] EMC RSA Authentication Agent for Web up to 8.0.1 on IIS/Apache Cookie Stack-based memory corruption
| [115500] CA Workload Control Center up to r11.4 SP5 Apache MyFaces Component Code Execution
| [115121] Apache Struts REST Plugin up to 2.5.15 Xstream XML Data denial of service
| [115061] Apache HTTP Server up to 2.4.29 HTTP Digest Authentication Challenge HTTP Requests Replay privilege escalation
| [115060] Apache HTTP Server up to 2.4.29 mod_cache_socache Request Header Crash denial of service
| [115059] Apache HTTP Server up to 2.4.29 HTTP2 NULL Pointer Dereference denial of service
| [115058] Apache HTTP Server up to 2.4.29 HTTP Header Crash denial of service
| [115057] Apache HTTP Server up to 2.4.29 mod_session Variable Name Cache privilege escalation
| [115039] Apache HTTP Server up to 2.4.29 FilesMatch File Upload privilege escalation
| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
| [114817] Apache Syncope up to 1.2.10/2.0.7 Search Parameter information disclosure
| [114816] Apache Syncope up to 1.2.10/2.0.7 XSLT Code Execution
| [114717] Apache Commons 1.11/1.12/1.13/1.14/1.15 ZIP Archive ZipFile/ZipArchiveInputStream denial of service
| [114661] Apache Allura up to 1.8.0 HTTP Response Splitting privilege escalation
| [114400] Apache Tomcat JK ISAPI Connector up to 1.2.42 IIS/ISAPI privilege escalation
| [114258] Apache HTTP Server up to 2.4.22 mod_cluster Segmentation Fault denial of service
| [114086] Apache ODE 1.3.3 ODE Process Deployment Web Service directory traversal
| [113955] Apache Xerces-C up to 3.2.0 XML Parser NULL Pointer Dereference denial of service
| [113945] Apache Tomcat up to 7.0.84/8.0.49/8.5.27/9.0.4 URL Pattern Empty String privilege escalation
| [113944] Apache OpenMeetings up to 3.x/4.0.1 CRUD Operation denial of service
| [113905] Apache Traffic Server up to 5.2.x/5.3.2/6.2.0/7.0.0 TLS Handshake Core Dump denial of service
| [113904] Apache Traffic Server up to 6.2.0 Host Header privilege escalation
| [113895] Apache Geode up to 1.3.x Code Execution
| [113894] Apache Geode up to 1.3.x TcpServer Code Execution
| [113888] Apache James Hupa WebMail 0.0.2 cross site scripting
| [113813] Apache Geode Cluster up to 1.3.x Secure Mode privilege escalation
| [113747] Apache Tomcat Servlets privilege escalation
| [113647] Apache Qpid up to 0.30 qpidd Broker AMQP Message Crash denial of service
| [113645] Apache VCL up to 2.1/2.2.1/2.3.1 Web GUI/XMLRPC API privilege escalation
| [113560] Apache jUDDI Console 3.0.0 Log Entries spoofing
| [113571] Apache Oozie up to 4.3.0/5.0.0-beta1 XML Data XML File privilege escalation
| [113569] Apache Karaf up to 4.0.7 LDAPLoginModule LDAP injection denial of service
| [113273] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113198] Apache Qpid Dispatch Router 0.7.0/0.8.0 AMQP denial of service
| [113186] Apache JMeter 2.x/3.x Distributed Test Only privilege escalation
| [113145] Apache Thrift up to 0.9.3 Go Client Library privilege escalation
| [113106] Apache jUDDI up to 3.3.3 XML Data WADL2Java/WSDL2Java XML Document privilege escalation
| [113105] Apache Qpid Broker-J 7.0.0 AMQP Crash denial of service
| [112885] Apache Allura up to 1.8.0 File information disclosure
| [112856] Apache CloudStack up to 4.8.1.0/4.9.0.0 API weak authentication
| [112855] Apache CloudStack 4.1.0/4.1.1 API information disclosure
| [112678] Apache Tomcat up to 7.0.82/8.0.47/8.5.23/9.0.1 Bug Fix 61201 privilege escalation
| [112677] Apache Tomcat Native Connector up to 1.1.34/1.2.14 OCSP Checker Client weak authentication
| [112625] Apache POI up to 3.16 Loop denial of service
| [112448] Apache NiFi up to 1.3.x Deserialization privilege escalation
| [112396] Apache Hadoop 2.7.3/2.7.4 YARN NodeManager Credentials information disclosure
| [112339] Apache NiFi 1.5.0 Header privilege escalation
| [112330] Apache NiFi 1.5.0 Header HTTP Request privilege escalation
| [112314] NetGain Enterprise Manager 7.2.730 Build 1034 org.apache.jsp.u.jsp.tools.exec_jsp Servlet Parameter privilege escalation
| [112253] Apache Hadoop up to 0.23.x/2.7.4/2.8.2 MapReduce Job History Server Configuration File privilege escalation
| [112171] Oracle Secure Global Desktop 5.3 Apache Log4j privilege escalation
| [112164] Oracle Agile PLM 9.3.5/9.3.6 Apache Tomcat unknown vulnerability
| [112161] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Tomcat privilege escalation
| [112158] Oracle Autovue for Agile Product Lifecycle Management 21.0.0/21.0.1 Apache Log4j privilege escalation
| [112156] Oracle Agile PLM 9.3.3/9.3.4/9.3.5/9.3.6 Apache Log4j privilege escalation
| [112155] Oracle Agile Engineering Data Management 6.1.3/6.2.0/6.2.1 Apache Log4j privilege escalation
| [112137] Oracle MICROS Relate CRM Software 10.8.x/11.4.x/15.0.x, Apache Tomcat unknown vulnerability
| [112136] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat privilege escalation
| [112133] Oracle Retail Workforce Management 1.60.7/1.64.0 Apache Log4j privilege escalation
| [112129] Oracle Retail Assortment Planning 14.1.3/15.0.3/16.0.1 Apache Log4j privilege escalation
| [112114] Oracle 9.1 Apache Log4j privilege escalation
| [112113] Oracle 9.1 Apache Log4j privilege escalation
| [112045] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat privilege escalation
| [112038] Oracle Health Sciences Empirica Inspections 1.0.1.1 Apache Tomcat information disclosure
| [112019] Oracle Endeca Information Discovery Integrator 3.1.0/3.2.0 Apache Tomcat privilege escalation
| [112017] Oracle WebCenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Apache Struts 1 cross site scripting
| [112011] Oracle Identity Manager 11.1.2.3.0 Apache Commons Collections privilege escalation
| [111950] Oracle Database 12.2.0.1 Apache Tomcat information disclosure
| [111703] Apache Sling XSS Protection API 1.0.4 URL Encoding cross site scripting
| [111556] Apache Geode up to 1.2.x Secure Mode Parameter OQL privilege escalation
| [111555] Apache Geode up to 1.2.x Secure Mode OQL privilege escalation
| [111540] Apache Geode up to 1.2.x Secure Mode information disclosure
| [111519] Apache Sling JCR ContentLoader 2.1.4 xmlreader directory traversal
| [111338] Apache DeltaSpike-JSF 1.8.0 cross site scripting
| [111330] Apache OFBiz 16.11.01/16.11.02/16.11.03 BIRT Plugin cross site scripting
| [110789] Apache Sling up to 1.4.0 Authentication Service Credentials information disclosure
| [110785] Apache Drill up to 1.11.0 Query Page unknown vulnerability
| [110701] Apache Fineract Query Parameter sql injection
| [110484] Apache Synapse up to 3.0.0 Apache Commons Collections Serialized Object Code Injection privilege escalation
| [110426] Adobe Experience Manager 6.0/6.1/6.2/6.3 Apache Sling Servlets Post cross site scripting
| [110393] Apple macOS up to 10.13.2 apache information disclosure
| [110141] Apache Struts up to 2.5.14 REST Plugin denial of service
| [110140] Apache Qpid Broker-J up to 0.32 privilege escalation
| [110139] Apache Qpid Broker-J up to 6.1.4 AMQP Frame denial of service
| [110106] Apache CXF Fediz Spring cross site request forgery
| [109766] Apache OpenOffice up to 4.1.3 DOC File Parser WW8Fonts memory corruption
| [109750] Apache OpenOffice up to 4.1.3 DOC File Parser ImportOldFormatStyles memory corruption
| [109749] Apache OpenOffice up to 4.1.3 PPT File Parser PPTStyleSheet memory corruption
| [109606] October CMS Build 412 Apache Configuration File Upload privilege escalation
| [109419] Apache Camel up to 2.19.3/2.20.0 camel-castor Java Object Deserialization privilege escalation
| [109418] Apache Camel up to 2.19.3/2.20.0 camel-hessian Java Object Deserialization privilege escalation
| [109400] Apache CouchDB up to 1.6.x/2.1.0 Database Server Shell privilege escalation
| [109399] Apache CouchDB up to 1.6.x/2.1.0 JSON Parser Shell privilege escalation
| [109398] Apache CXF 3.1.14/3.2.1 JAX-WS/JAX-RS Attachment denial of service
| [108872] Apache Hive up to 2.1.1/2.2.0/2.3.0 Policy Enforcement privilege escalation
| [108939] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108938] Apple macOS up to 10.13.1 apache denial of service
| [108937] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108936] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108935] Apple macOS up to 10.13.1 apache denial of service
| [108934] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108933] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108932] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108931] Apple macOS up to 10.13.1 apache denial of service
| [108930] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108929] Apple macOS up to 10.13.1 apache denial of service
| [108928] Apple macOS up to 10.13.1 apache unknown vulnerability
| [108797] Apache Struts up to 2.3.19 TextParseUtiltranslateVariables OGNL Expression privilege escalation
| [108795] Apache Traffic Server up to 5.3.0 HTTP2 set_dynamic_table_size memory corruption
| [108794] Apache WSS4J up to 1.6.16/2.0.1 Incomplete Fix Leak information disclosure
| [108793] Apache Qpid up to 0.30 qpidd Crash denial of service
| [108792] Apache Traffic Server up to 5.1.0 Access Restriction privilege escalation
| [108791] Apache Wicket up to 1.5.11/6.16.x/7.0.0-M2 Session information disclosure
| [108790] Apache storm 0.9.0.1 Log Viewer directory traversal
| [108789] Apache Cordova In-App-Browser Standalone Plugin up to 0.3.1 on iOS CDVInAppBrowser privilege escalation
| [108788] Apache Cordova File-Transfer Standalone Plugin up to 0.4.1 on iOS ios/CDVFileTransfer.m spoofing
| [108787] Apache HttpClient up to 4.3.0 HttpClientBuilder.java unknown vulnerability
| [108786] Apache Wicket up to 1.4.21/1.5.9/6.3.x script Tag cross site scripting
| [108783] Apache Hadoop up to 0.23.3/1.0.3/2.0.1 Kerberos Security Feature Key weak encryption
| [108782] Apache Xerces2 XML Service denial of service
| [108781] Apache jUDDI up to 1.x happyjuddi.jsp Parameter cross site scripting
| [108780] Apache jUDDI up to 1.x Log File uddiget.jsp spoofing
| [108709] Apache Cordova Android up to 3.7.1/4.0.1 intent URL privilege escalation
| [108708] Apache ActiveMQ up to 5.10.0 XML Data XML External Entity
| [108707] Apache ActiveMQ up to 1.7.0 XML Data XML External Entity
| [108629] Apache OFBiz up to 10.04.01 privilege escalation
| [108543] Apache Derby 10.1.2.1/10.2.2.0/10.3.1.4/10.4.1.3 Export File privilege escalation
| [108312] Apache HTTP Server on RHEL IP Address Filter privilege escalation
| [108297] Apache NiFi up to 0.7.1/1.1.1 Proxy Chain Username Deserialization privilege escalation
| [108296] Apache NiFi up to 0.7.1/1.1.1 Cluster Request privilege escalation
| [108250] Oracle Secure Global Desktop 5.3 Apache HTTP Server memory corruption
| [108245] Oracle Transportation Management up to 6.3.7 Apache Tomcat unknown vulnerability
| [108244] Oracle Transportation Management 6.4.1/6.4.2 Apache Commons FileUpload denial of service
| [108243] Oracle Agile Engineering Data Management 6.1.3/6.2.0 Apache Commons Collections memory corruption
| [108222] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Batik denial of service
| [108219] Oracle MICROS Retail XBRi Loss Prevention up to 10.8.1 Apache Tomcat unknown vulnerability
| [108217] Oracle Retail Store Inventory Management 13.2.9/14.0.4/14.1.3/15.0.1/16.0.1 Apache Groovy unknown vulnerability
| [108216] Oracle Retail Convenience and Fuel POS Software 2.1.132 Apache Groovy unknown vulnerability
| [108169] Oracle MySQL Enterprise Monitor up to 3.2.8.2223/3.3.4.3247/3.4.2.4181 Apache Tomcat unknown vulnerability
| [108113] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Batik denial of service
| [108107] Oracle Hospitality Guest Access 4.2.0/4.2.1 Apache Tomcat unknown vulnerability
| [108102] Oracle Healthcare Master Person Index 4.x Apache Groovy unknown vulnerability
| [108085] Oracle Identity Manager 11.1.2.3.0 Apache Struts 1 memory corruption
| [108083] Oracle API Gateway 11.1.2.4.0 Apache Batik denial of service
| [108080] Oracle GlassFish Server 3.1.2 Apache Commons FileUpload denial of service
| [108069] Oracle Endeca Information Discovery Integrator 2.4/3.0/3.1/3.2 Apache Commons Collections memory corruption
| [108067] Oracle Business Process Management Suite 11.1.1.9.0/12.2.1.1.0 Apache Commons Collections memory corruption
| [108066] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Tomcat memory corruption
| [108065] Oracle Management Pack for GoldenGate 11.2.1.0.12 Apache Commons Collections memory corruption
| [108062] Oracle BI Publisher 11.1.1.7.0/12.2.1.1.0/12.2.1.2.0 Apache ActiveMQ memory corruption
| [108060] Oracle Enterprise Manager Ops Center 12.2.2/12.3.2 Apache Groovy unknown vulnerability
| [108033] Oracle Primavera Unifier 9.13/9.14/10.x/15.x/16.x, Apache Groovy unknown vulnerability
| [108024] Oracle Communications Order and Service Management 7.2.4.x.x/7.3.0.x.x/7.3.1.x.x/7.3.5.x.x Apache Commons Collections memory corruption
| [108015] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Commons Collections memory corruption
| [108013] Oracle Communications WebRTC Session Controller 7.0/7.1/7.2 Apache Groovy unknown vulnerability
| [108011] Oracle Communications Services Gatekeeper 5.1/6.0 Apache Trinidad unknown vulnerability
| [107904] Apache Struts up to 2.3.28 Double OGNL Evaluation privilege escalation
| [107860] Apache Solr up to 7.0 Apache Lucene RunExecutableListener XML External Entity
| [107834] Apache Ranger up to 0.6.1 Change Password privilege escalation
| [107639] Apache NiFi 1.4.0 XML External Entity
| [107606] Apache ZooKeper up to 3.4.9/3.5.2 Command CPU Exhaustion denial of service
| [107597] Apache Roller up to 5.0.2 XML-RPC Protocol Support XML External Entity
| [107429] Apache Impala up to 2.9.x Kudu Table privilege escalation
| [107411] Apache Tomcat up to 7.0.81/8.0.46/8.5.22/9.0.0 JSP File File Upload privilege escalation
| [107385] Apache Geode up to 1.2.0 Secure Mode privilege escalation
| [107339] Apache OpenNLP up to 1.5.3/1.6.0/1.7.2/1.8.1 XML Data XML External Entity
| [107333] Apache Wicket up to 8.0.0-M1 CSRF Prevention HTTP Header privilege escalation
| [107323] Apache Wicket 1.5.10/6.13.0 Class Request information disclosure
| [107310] Apache Geode up to 1.2.0 Command Line Utility Query privilege escalation
| [107276] ArcSight ESM/ArcSight ESM Express up to 6.9.1c Patch 3/6.11.0 Apache Tomcat Version information disclosure
| [107266] Apache Tika up to 1.12 XML Parser XML External Entity
| [107262] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107258] Apache Mesos up to 1.1.2/1.2.1/1.3.0/1.4.0-dev libprocess HTTP Request Crash denial of service
| [107197] Apache Xerces Jelly Parser XML File XML External Entity
| [107193] ZTE NR8950 Apache Commons Collections RMI Request Deserialization privilege escalation
| [107084] Apache Struts up to 2.3.19 cross site scripting
| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
| [106875] Apache Struts up to 2.5.5 URL Validator denial of service
| [106874] Apache Struts up to 2.3.30 Convention Plugin directory traversal
| [106847] Apache Tomcat up to 7.0.80 VirtualDirContext Source information disclosure
| [106846] Apache Tomcat up to 7.0.79 on Windows HTTP PUT Method Parameter File Upload privilege escalation
| [106777] Apache HTTP Server up to 2.2.34/2.4.27 Limit Directive ap_limit_section HTTP Request information disclosure
| [106739] puppetlabs-apache up to 1.11.0/2.0.x weak authentication
| [106720] Apache Wicket up to 1.5.12/6.18.x/7.0.0-M4 CryptoMapper privilege escalation
| [106586] Apache Brooklyn up to 0.9.x REST Server cross site scripting
| [106562] Apache Spark up to 2.1.1 Launcher API Deserialization privilege escalation
| [106559] Apache Brooklyn up to 0.9.x SnakeYAML YAML Data Java privilege escalation
| [106558] Apache Brooklyn up to 0.9.x REST Server cross site request forgery
| [106556] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106555] Apache Traffic Server up to 5.3.1 HTTP2 unknown vulnerability
| [106171] Apache Directory LDAP API up to 1.0.0-M30 Timing unknown vulnerability
| [106167] Apache Struts up to 2.5.12 REST Plugin XML Data privilege escalation
| [106166] Apache Struts up to 2.3.33/2.5.12 REST Plugin denial of service
| [106165] Apache Struts up to 2.3.33/2.5.12 URLValidator Regex CPU Exhaustion denial of service
| [106115] Apache Hadoop up to 2.6.4/2.7.2 YARN NodeManager Password information disclosure
| [106012] Apache Solr up to 5.5.3/6.4.0 Replication directory traversal
| [105980] Apache Engine 16.11.01 Parameter Reflected unknown vulnerability
| [105962] Apache Atlas 0.6.0/0.7.0 Frame cross site scripting
| [105961] Apache Atlas 0.6.0/0.7.0 Stack Trace information disclosure
| [105960] Apache Atlas 0.6.0/0.7.0 Search Reflected cross site scripting
| [105959] Apache Atlas 0.6.0/0.7.0 edit Tag DOM cross site scripting
| [105958] Apache Atlas 0.6.0/0.7.0 edit Tag Stored cross site scripting
| [105957] Apache Atlas 0.6.0/0.7.0 Cookie privilege escalation
| [105905] Apache Atlas 0.6.0/0.7.0/0.7.1 /js privilege escalation
| [105878] Apache Struts up to 2.3.24.0 privilege escalation
| [105682] Apache2Triad 1.5.4 phpsftpd/users.php Parameter cross site scripting
| [105681] Apache2Triad 1.5.4 phpsftpd/users.php Request cross site request forgery
| [105680] Apache2Triad 1.5.4 Parameter Session Fixation weak authentication
| [105643] Apache Pony Mail up to 0.8b weak authentication
| [105288] Apache Sling up to 2.3.21 Sling.evalString() String cross site scripting
| [105219] Apache Tomcat up to 8.5.15/9.0.0.M21 HTTP2 Bypass directory traversal
| [105218] Apache Tomcat up to 7.0.78/8.0.44/8.5.15/9.0.0.M21 CORS Filter Cache Poisoning privilege escalation
| [105215] Apache CXF up to 3.0.12/3.1.9 OAuth2 Hawk/JOSE MAC Validation Timing unknown vulnerability
| [105206] Apache CXF up to 3.0.11/3.1.8 JAX-RS Module XML External Entity
| [105205] Apache CXF up to 3.0.11/3.1.8 HTTP Transport Module Parameter cross site scripting
| [105202] Apache Storm 1.0.0/1.0.1/1.0.2/1.0.3/1.1.0 Worker privilege escalation
| [104987] Apache Xerces-C++ XML Service CPU Exhaustion denial of service
| [104986] Apache CXF 2.4.5/2.5.1 WS-SP UsernameToken Policy SOAP Request weak authentication
| [104985] Apache MyFaces Core up to 2.1.4 EL Expression Parameter Injection information disclosure
| [104983] Apache Wink up to 1.1.1 XML Document xxe privilege escalation
| [104981] Apache Commons Email 1.0/1.1/1.2/1.3/1.4 Subject Linebreak SMTP privilege escalation
| [104591] MEDHOST Document Management System Apache Solr Default Credentials weak authentication
| [104062] Oracle MySQL Enterprise Monitor up to 3.3.3.1199 Apache Tomcat unknown vulnerability
| [104061] Oracle MySQL Enterprise Monitor up to 3.2.7.1204/3.3.3.1199 Apache Tomcat unknown vulnerability
| [104060] Oracle MySQL Enterprise Monitor up to 3.1.5.7958/3.2.5.1141/3.3.2.1162 Apache Struts 2 unknown vulnerability
| [103995] Oracle 8.3/8.4/15.1/15.2 Apache Trinidad unknown vulnerability
| [103993] Oracle Policy Automation up to 12.2.3 Apache Commons FileUplaod denial of service
| [103916] Oracle Banking Platform 2.3/2.4/2.4.1/2.5 Apache Commons FileUpload denial of service
| [103906] Oracle Communications BRM 11.2.0.0.0 Apache Commons Collections privilege escalation
| [103904] Oracle Communications BRM 11.2.0.0.0/11.3.0.0.0 Apache Groovy memory corruption
| [103866] Oracle Transportation Management 6.1/6.2 Apache Webserver unknown vulnerability
| [103816] Oracle BI Publisher 11.1.1.9.0/12.2.1.1.0/12.2.1.2.0 Apache Commons Fileupload denial of service
| [103797] Oracle Tuxedo System and Applications Monitor Apache Commons Collections privilege escalation
| [103792] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Commons Fileupload privilege escalation
| [103791] Oracle Endeca Server 7.6.0.0/7.6.1.0 Apache Commons Collections privilege escalation
7826| [103788] Oracle Enterprise Repository 11.1.1.7.0/12.1.3.0.0 Apache ActiveMQ memory corruption
7827| [103787] Oracle Enterprise Data Quality 8.1.13.0.0 Apache Groovy memory corruption
7828| [103763] Apache Sling up to 1.0.11 XSS Protection API XSS.getValidXML() Application XML External Entity
7829| [103762] Apache Sling up to 1.0.12 XSS Protection API XSSAPI.encodeForJSString() Script Tag cross site scripting
7830| [103693] Apache OpenMeetings 1.0.0 HTTP Method privilege escalation
7831| [103692] Apache OpenMeetings 1.0.0 Tomcat Error information disclosure
7832| [103691] Apache OpenMeetings 3.2.0 Parameter privilege escalation
7833| [103690] Apache OpenMeetings 1.0.0 sql injection
7834| [103689] Apache OpenMeetings 1.0.0 crossdomain.xml privilege escalation
7835| [103688] Apache OpenMeetings 1.0.0 weak encryption
7836| [103687] Apache OpenMeetings 1.0.0 cross site request forgery
7837| [103556] Apache Roller 5.1.0/5.1.1 Weblog Page Template VTL privilege escalation
7838| [103554] Apache OpenMeetings 1.0.0 Password Update unknown vulnerability
7839| [103553] Apache OpenMeetings 1.0.0 File Upload privilege escalation
7840| [103552] Apache OpenMeetings 3.2.0 Chat cross site scripting
7841| [103551] Apache OpenMeetings 3.1.0 XML unknown vulnerability
7842| [103521] Apache HTTP Server 2.4.26 HTTP2 Free memory corruption
7843| [103520] Apache HTTP Server up to 2.2.33/2.4.26 mod_auth_digest Authorization Header memory corruption
7844| [103519] Apache Struts up to 2.5.11/2.3.32 Spring AOP denial of service
7845| [103518] Apache Struts up to 2.5.11 URLValidator directory traversal
7846| [103492] Apache Spark up to 2.1.x Web UI Reflected cross site scripting
7847| [103401] Apache Struts 2.3.x Struts 1 Plugin ActionMessage privilege escalation
7848| [103399] Apache Traffic Control Traffic Router TCP Connection Slowloris denial of service
7849| [103387] Apache Impala up to 2.8.0 StatestoreSubscriber weak encryption
7850| [103386] Apache Impala up to 2.7.x/2.8.0 Kerberos weak authentication
7851| [103352] Apache Solr Node weak authentication
7852| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
7853| [102878] Code42 CrashPlan 5.4.x RMI Server org.apache.commons.ssl.rmi.DateRMI privilege escalation
7854| [102698] Apache HTTP Server up to 2.2.32/2.4.25 mod_mime Content-Type memory corruption
7855| [102697] Apache HTTP Server 2.2.32/2.2.24 HTTP Strict Parsing ap_find_token Request Header memory corruption
7856| [102690] Apache HTTP Server up to 2.2.32/2.4.25 mod_ssl ap_hook_process_connection() denial of service
7857| [102689] Apache HTTP Server up to 2.2.32/2.4.25 ap_get_basic_auth_pw weak authentication
7858| [102622] Apache Thrift up to 0.9.2 Client Libraries skip denial of service
7859| [102538] Apache Ranger up to 0.7.0 Authorizer unknown vulnerability
7860| [102537] Apache Ranger up to 0.7.0 Wildcard Character unknown vulnerability
7861| [102536] Apache Ranger up to 0.6 Stored cross site scripting
7862| [102535] Apache Ranger up to 0.6.2 Policy Engine unknown vulnerability
7863| [102255] Apache NiFi up to 0.7.3/1.2.x Response Header privilege escalation
7864| [102254] Apache NiFi up to 0.7.3/1.2.x UI cross site scripting
7865| [102070] Apache CXF Fediz up to 1.1.2/1.2.0 Application Plugin denial of service
7866| [102020] Apache Tomcat up to 9.0.0.M1 Java Servlet HTTP Method unknown vulnerability
7867| [101858] Apache Hive up to 1.2.1/2.0.0 Client weak authentication
7868| [101802] Apache KNOX up to 0.11.0 WebHDFS privilege escalation
7869| [101928] HPE Aruba ClearPass Apache Tomcat information disclosure
7870| [101524] Apache Archiva up to 1.x/2.2.1 REST Endpoint cross site request forgery
7871| [101513] Apache jUDDI 3.1.2/3.1.3/3.1.4/3.1. Logout Open Redirect
7872| [101430] Apache CXF Fediz up to 1.3.1 OIDC Service cross site request forgery
7873| [101429] Apache CXF Fediz up to 1.2.3/1.3.1 Plugins cross site request forgery
7874| [100619] Apache Hadoop up to 2.6.x HDFS Servlet unknown vulnerability
7875| [100618] Apache Hadoop up to 2.7.0 HDFS Web UI cross site scripting
7876| [100621] Adobe ColdFusion 10/11/2016 Apache BlazeDS Library Deserialization privilege escalation
7877| [100205] Oracle MySQL Enterprise Monitor up to 3.1.6.8003/3.2.1182/3.3.2.1162 Apache Commons FileUpload denial of service
7878| [100191] Oracle Secure Global Desktop 4.71/5.2/5.3 Web Server (Apache HTTP Server) information disclosure
7879| [100162] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Commons Collections privilege escalation
7880| [100160] Oracle StorageTek Tape Analytics SW Tool up to 2.2.0 Apache Trinidad unknown vulnerability
7881| [99969] Oracle WebCenter Sites 11.1.1.8.0 Apache Tomcat memory corruption
7882| [99937] Apache Batik up to 1.8 privilege escalation
7883| [99936] Apache FOP up to 2.1 privilege escalation
7884| [99935] Apache CXF up to 3.0.12/3.1.10 STSClient Cache information disclosure
7885| [99934] Apache CXF up to 3.0.12/3.1.10 JAX-RS XML Security Streaming Client spoofing
7886| [99930] Apache Traffic Server up to 6.2.0 denial of service
7887| [99929] Apache Log4j up to 2.8.1 Socket Server Deserialization privilege escalation
7888| [99925] Apache Traffic Server 6.0.0/6.1.0/6.2.0 HPACK Bomb denial of service
7889| [99738] Ping Identity OpenID Connect Authentication Module up to 2.13 on Apache Mod_auth_openidc.c spoofing
7890| [117569] Apache Hadoop up to 2.7.3 privilege escalation
7891| [99591] Apache TomEE up to 1.7.3/7.0.0-M2 EjbObjectInputStream Serialized Object privilege escalation
7892| [99370] Apache Ignite up to 1.8 update-notifier Document XML External Entity
7893| [99299] Apache Geode up to 1.1.0 Pulse OQL Query privilege escalation
7894| [99572] Apache Tomcat up to 7.0.75/8.0.41/8.5.11/9.0.0.M17 Application Listener privilege escalation
7895| [99570] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP Connector Cache information disclosure
7896| [99569] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 HTTP/2 GOAWAY Frame Resource Exhaustion denial of service
7897| [99568] Apache Tomcat up to 6.0.52/7.0.76/8.0.42/8.5.12/9.0.0.M18 Pipelined Request information disclosure
7898| [99048] Apache Ambari up to 2.3.x REST API Shell Metacharacter privilege escalation
7899| [99014] Apache Camel Jackson/JacksonXML privilege escalation
7900| [98610] Apple macOS up to 10.12.3 apache_mod_php memory corruption
7901| [98609] Apple macOS up to 10.12.3 apache_mod_php denial of service
7902| [98608] Apple macOS up to 10.12.3 apache_mod_php memory corruption
7903| [98607] Apple macOS up to 10.12.3 apache_mod_php denial of service
7904| [98606] Apple macOS up to 10.12.3 apache_mod_php denial of service
7905| [98605] Apple macOS up to 10.12.3 Apache denial of service
7906| [98604] Apple macOS up to 10.12.3 Apache denial of service
7907| [98603] Apple macOS up to 10.12.3 Apache denial of service
7908| [98602] Apple macOS up to 10.12.3 Apache denial of service
7909| [98601] Apple macOS up to 10.12.3 Apache denial of service
7910| [98517] Apache POI up to 3.14 OOXML File XXE denial of service
7911| [98405] Apache Hadoop up to 0.23.10 privilege escalation
7912| [98199] Apache Camel Validation XML External Entity
7913| [97892] Apache Tomcat up to 9.0.0.M15 Reverse-Proxy Http11InputBuffer.java information disclosure
7914| [97617] Apache Camel camel-snakeyaml Deserialization privilege escalation
7915| [97602] Apache Camel camel-jackson/camel-jacksonxml CamelJacksonUnmarshalType privilege escalation
7916| [97732] Apache Struts up to 2.3.31/2.5.10 Jakarta Multipart Parser Content-Type privilege escalation
7917| [97466] mod_auth_openidc up to 2.1.5 on Apache weak authentication
7918| [97455] mod_auth_openidc up to 2.1.4 on Apache weak authentication
7919| [97081] Apache Tomcat HTTPS Request denial of service
7920| [97162] EMC OpenText Documentum D2 BeanShell/Apache Commons privilege escalation
7921| [96949] Hanwha Techwin Smart Security Manager up to 1.5 Redis/Apache Felix Gogo privilege escalation
7922| [96314] Apache Cordova up to 6.1.1 on Android weak authentication
7923| [95945] Apple macOS up to 10.12.2 apache_mod_php denial of service
7924| [95944] Apple macOS up to 10.12.2 apache_mod_php denial of service
7925| [95943] Apple macOS up to 10.12.2 apache_mod_php memory corruption
7926| [95666] Oracle FLEXCUBE Direct Banking 12.0.0/12.0.1/12.0.2/12.0.3 Apache Commons Collections privilege escalation
7927| [95455] Apache NiFi up to 1.0.0/1.1.0 Connection Details Dialogue cross site scripting
7928| [95311] Apache storm UI Daemon privilege escalation
7929| [95291] ZoneMinder 1.30.0 Apache httpd privilege escalation
7930| [94800] Apache Wicket up to 1.5.16/6.24.x Deserialize DiskFileItem denial of service
7931| [94705] Apache Qpid Broker for Java up to 6.1.0 SCRAM-SHA-1/SCRAM-SHA-256 User information disclosure
7932| [94627] Apache HTTP Server up to 2.4.24 mod_auth_digest Crash denial of service
7933| [94626] Apache HTTP Server up to 2.4.24 mod_session_crypto Padding weak encryption
7934| [94625] Apache HTTP Server up to 2.4.24 Response Split privilege escalation
7935| [94540] Apache Tika 1.9 tika-server File information disclosure
7936| [94600] Apache ActiveMQ up to 5.14.1 Administration Console cross site scripting
7937| [94348] Apple macOS up to 10.12.1 apache_mod_php denial of service
7938| [94347] Apple macOS up to 10.12.1 apache_mod_php denial of service
7939| [94346] Apple macOS up to 10.12.1 apache_mod_php denial of service
7940| [94345] Apple macOS up to 10.12.1 apache_mod_php denial of service
7941| [94344] Apple macOS up to 10.12.1 apache_mod_php denial of service
7942| [94343] Apple macOS up to 10.12.1 apache_mod_php memory corruption
7943| [94342] Apple macOS up to 10.12.1 apache_mod_php memory corruption
7944| [94128] Apache Tomcat up to 9.0.0.M13 Error information disclosure
7945| [93958] Apache HTTP Server up to 2.4.23 mod_http2 h2_stream.c denial of service
7946| [93874] Apache Subversion up to 1.8.16/1.9.4 mod_dontdothat XXE denial of service
7947| [93855] Apache Hadoop up to 2.6.4/2.7.2 HDFS Service privilege escalation
7948| [93609] Apache OpenMeetings 3.1.0 RMI Registry privilege escalation
7949| [93555] Apache Tika 1.6-1.13 jmatio MATLAB File privilege escalation
7950| [93799] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
7951| [93798] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 JmxRemoteLifecycleListener privilege escalation
7952| [93797] Apache Tomcat up to 6.0.47/7.0.72/8.0.38/8.5.6/9.0.0.M11 HTTP Split privilege escalation
7953| [93796] Apache Tomcat up to 8.5.6/9.0.0.M11 HTTP/2 Header Parser denial of service
7954| [93532] Apache Commons Collections Library Java privilege escalation
7955| [93210] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 ResourceLinkFactory privilege escalation
7956| [93209] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Realm Authentication User information disclosure
7957| [93208] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 System Property Replacement information disclosure
7958| [93207] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Utility Method privilege escalation
7959| [93206] Apache Tomcat up to 6.0.45/7.0.70/8.0.36/8.5.4/9.0.0.M9 Configuration privilege escalation
7960| [93098] Apache Commons FileUpload privilege escalation
7961| [92987] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Commons Collection memory corruption
7962| [92986] Oracle Virtual Desktop Infrastructure up to 3.5.2 Apache Tomcat memory corruption
7963| [92982] Oracle Insurance IStream 4.3.2 Apache Commons Collections memory corruption
7964| [92981] Oracle Financial Services Lending and Leasing 14.1.0/14.2.0 Apache Commons Collections memory corruption
7965| [92979] Oracle up to 8.0.3 Apache Commons Collections memory corruption
7966| [92977] Oracle FLEXCUBE Universal Banking up to 12.2.0 Apache Commons Collections memory corruption
7967| [92976] Oracle FLEXCUBE Universal Banking 12.87.1/12.87.2 Apache Commons Collections memory corruption
7968| [92975] Oracle FLEXCUBE Private Banking up to 12.1.0 Apache Commons Collections memory corruption
7969| [92974] Oracle FLEXCUBE Investor Servicing 12.0.1 Apache Commons Collections memory corruption
7970| [92973] Oracle 12.0.0/12.1.0 Apache Commons Collections memory corruption
7971| [92972] Oracle FLEXCUBE Core Banking 11.5.0.0.0/11.6.0.0.0 Apache Commons Collections memory corruption
7972| [92962] Oracle Agile PLM 9.3.4/9.3.5 Apache Commons Collections memory corruption
7973| [92909] Oracle Agile PLM 9.3.4/9.3.5 Apache Tomcat unknown vulnerability
7974| [92786] Oracle Banking Digital Experience 15.1 Apache Commons Collections information disclosure
7975| [92549] Apache Tomcat on Red Hat privilege escalation
7976| [92509] Apache Tomcat JK ISAPI Connector up to 1.2.41 jk_uri_worker_map.c memory corruption
7977| [92314] Apache MyFaces Trinidad up to 1.0.13/1.2.15/2.0.1/2.1.1 CoreResponseStateManager memory corruption
7978| [92313] Apache Struts2 up to 2.3.28/2.5.0 Action Name Cleanup cross site request forgery
7979| [92299] Apache Derby up to 10.12.1.0 SqlXmlUtil XML External Entity
7980| [92217] Apache ActiveMQ Artemis up to 1.3.x Broker/REST GetObject privilege escalation
7981| [92174] Apache Ranger up to 0.6.0 Policy cross site scripting
7982| [91831] Apache Jackrabbit up to 2.13.2 HTTP Header cross site request forgery
7983| [91825] Apache Zookeeper up to 3.4.8/3.5.2 C CLI Shell memory corruption
7984| [91818] Apache CXF Fediz up to 1.2.2/1.3.0 Application Plugin privilege escalation
7985| [92056] Apple macOS up to 10.11 apache_mod_php memory corruption
7986| [92055] Apple macOS up to 10.11 apache_mod_php memory corruption
7987| [92054] Apple macOS up to 10.11 apache_mod_php denial of service
7988| [92053] Apple macOS up to 10.11 apache_mod_php denial of service
7989| [92052] Apple macOS up to 10.11 apache_mod_php denial of service
7990| [92051] Apple macOS up to 10.11 apache_mod_php memory corruption
7991| [92050] Apple macOS up to 10.11 apache_mod_php denial of service
7992| [92049] Apple macOS up to 10.11 apache_mod_php memory corruption
7993| [92048] Apple macOS up to 10.11 apache_mod_php denial of service
7994| [92047] Apple macOS up to 10.11 apache_mod_php memory corruption
7995| [92046] Apple macOS up to 10.11 apache_mod_php memory corruption
7996| [92045] Apple macOS up to 10.11 apache_mod_php memory corruption
7997| [92044] Apple macOS up to 10.11 apache_mod_php memory corruption
7998| [92043] Apple macOS up to 10.11 apache_mod_php denial of service
7999| [92042] Apple macOS up to 10.11 apache_mod_php memory corruption
8000| [92041] Apple macOS up to 10.11 apache_mod_php memory corruption
8001| [92040] Apple macOS up to 10.11 Apache Proxy privilege escalation
8002| [91785] Apache Shiro up to 1.3.1 Servlet Filter privilege escalation
8003| [90879] Apache OpenMeetings up to 3.1.1 SWF Panel cross site scripting
8004| [90878] Apache Sentry up to 1.6.x Blacklist Filter reflect/reflect2/java_method privilege escalation
8005| [90610] Apache POI up to 3.13 XLSX2CSV Example OpenXML Document XML External Entity
8006| [90584] Apache ActiveMQ up to 5.11.3/5.12.2/5.13/1 Administration Web Console privilege escalation
8007| [90385] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site scripting
8008| [90384] Apache Archiva up to 1.3.9 addProxyConnector_commit.action cross site request forgery
8009| [90383] Apache OpenOffice up to 4.1.2 Impress File memory corruption
8010| [89670] Apache Tomcat up to 8.5.4 CGI Servlet Environment Variable Open Redirect
8011| [89669] Apache HTTP Server up to 2.4.23 RFC 3875 Namespace Conflict Environment Variable Open Redirect
8012| [89726] Apple Mac OS X up to 10.11.5 apache_mod_php memory corruption
8013| [89484] Apache Qpid up to 0.13.0 on Windows Proton Library Certificate weak authentication
8014| [89473] HPE iMC PLAT/EAD/APM/iMC NTA/iMC BIMS/iMC UAM_TAM up to 7.2 Apache Commons Collections Library Command privilege escalation
8015| [90263] Apache Archiva Header denial of service
8016| [90262] Apache Archiva Deserialize privilege escalation
8017| [90261] Apache Archiva XML DTD Connection privilege escalation
8018| [88827] Apache Xerces-C++ up to 3.1.3 DTD Stack-Based memory corruption
8019| [88747] Apache HTTP Server 2.4.17/2.4.18 mod_http2 denial of service
8020| [88608] Apache Struts up to 2.3.28.1/2.5.0 URLValidator Null Value denial of service
8021| [88607] Apache Struts up to 2.3.28.1 REST Plugin Expression privilege escalation
8022| [88606] Apache Struts up to 2.3.28.1 Restriction privilege escalation
8023| [88605] Apache Struts up to 2.3.28.1 Restriction privilege escalation
8024| [88604] Apache Struts up to 2.3.28.1 Token Validator cross site request forgery
8025| [88603] Apache Commons FileUpload up to 1.3.1 MultipartStream denial of service
8026| [88602] Apache Struts up to 1.3.10 ActionServlet.java cross site scripting
8027| [88601] Apache Struts up to 1.3.10 Multithreading ActionServlet.java memory corruption
8028| [88600] Apache Struts up to 1.3.10 MultiPageValidator privilege escalation
8029| [89005] Apache Qpid AMQP JMS Client getObject privilege escalation
8030| [87888] Apache Ranger up to 0.5.2 Policy Admin Tool eventTime sql injection
8031| [87835] Apache CloudStack up to 4.5.2.0/4.6.2.0/4.7.1.0/4.8.0.0 SAML-based Authentication privilege escalation
8032| [87806] HPE Discovery and Dependency Mapping Inventory up to 9.32 update 3 Apache Commons Collections Library privilege escalation
8033| [87805] HPE Universal CMDB up to 10.21 Apache Commons Collections Library privilege escalation
8034| [87768] Apache Shiro up to 1.2.4 Cipher Key privilege escalation
8035| [87765] Apache James Server 2.3.2 Command privilege escalation
8036| [88667] Apache HTTP Server up to 2.4.20 mod_http2 Certificate weak authentication
8037| [87718] Apache Struts up to 2.3.24.1 OGNL Caching denial of service
8038| [87717] Apache Struts up to 2.3.28 REST Plugin privilege escalation
8039| [87706] Apache Qpid Java up to 6.0.2 AMQP privilege escalation
8040| [87703] Apache Qbid Java up to 6.0.2 PlainSaslServer.java denial of service
8041| [87702] Apache ActiveMQ up to 5.13.x Fileserver Web Application Upload privilege escalation
8042| [87700] Apache PDFbox up to 1.8.11/2.0.0 XML Parser PDF Document XML External Entity
8043| [87679] HP Release Control 9.13/9.20/9.21 Apache Commons Collections Library Java Object privilege escalation
8044| [87540] Apache Ambari up to 2.2.0 File Browser View information disclosure
8045| [87433] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
8046| [87432] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
8047| [87431] Apple Mac OS X up to 10.11.4 apache_mod_php Format String
8048| [87430] Apple Mac OS X up to 10.11.4 apache_mod_php denial of service
8049| [87429] Apple Mac OS X up to 10.11.4 apache_mod_php information disclosure
8050| [87428] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
8051| [87427] Apple Mac OS X up to 10.11.4 apache_mod_php memory corruption
8052| [87389] Apache Xerces C++ up to 3.1.3 XML Document DTDScanner.cpp memory corruption
8053| [87172] Adobe ColdFusion up to 10 Update 18/11 Update 7/2016 Apache Commons Collections Library privilege escalation
8054| [87121] Apache Cordova iOS up to 3.x Plugin privilege escalation
8055| [87120] Apache Cordova iOS up to 3.x URL Whitelist privilege escalation
8056| [83806] HPE Network Node Manager i up to 10.01 Apache Commons Collections Library privilege escalation
8057| [83077] Apache Subversion up to 1.8.15/1.9.3 mod_authz_svn mod_authz_svn.c denial of service
8058| [83076] Apache Subversion up to 1.8.15/1.9.3 svnserve svnserve/cyrus_auth.c privilege escalation
8059| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
8060| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
8061| [82725] HPE P9000 Command View up to 7.x/8.4.0 Apache Commons Collections Library privilege escalation
8062| [82444] Apache Camel up to 2.14.x/2.15.4/2.16.0 HTTP Request privilege escalation
8063| [82389] Apache Subversion up to 1.7.x/1.8.14/1.9.2 mod_dav_svn util.c memory corruption
8064| [82280] Apache Struts up to 1.7 JRE URLDecoder cross site scripting
8065| [82260] Apache OFBiz up to 12.04.05/13.07.02 Java Object privilege escalation
8066| [82259] Apache Qpid Proton up to 0.12.0 proton.reactor.Connector weak encryption
8067| [82250] Apache Ranger up to 0.5.0 Admin UI weak authentication
8068| [82214] Apache Wicket up to 1.5.14/6.21.x/7.1.x Input Element cross site scripting
8069| [82213] Apache Wicket up to 1.5.14/6.21.x/7.1.x ModalWindow Title getWindowOpenJavaScript cross site scripting
8070| [82212] Apache Ranger up to 0.5.0 Policy Admin Tool privilege escalation
8071| [82211] Apache OFBiz up to 12.04.06/13.07.02 ModelFormField.java DisplayEntityField.getDescription cross site scripting
8072| [82082] Apache JetSpeed up to 2.3.0 User Manager Service privilege escalation
8073| [82081] Apache OpenMeetings up to 3.1.0 SOAP API information disclosure
8074| [82080] Apache OpenMeetings up to 3.1.0 Event cross site scripting
8075| [82078] Apache OpenMeetings up to 3.1.0 Import/Export System Backup ZIP Archive directory traversal
8076| [82077] Apache OpenMeetings up to 3.1.0 Password Reset sendHashByUser privilege escalation
8077| [82076] Apache Ranger up to 0.5.1 privilege escalation
8078| [82075] Apache JetSpeed up to 2.3.0 Portal cross site scripting
8079| [82074] Apache JetSpeed up to 2.3.0 cross site scripting
8080| [82073] Apache JetSpeed up to 2.3.0 User Manager Service sql injection
8081| [82072] Apache JetSpeed up to 2.3.0 Portal Site Manager ZIP Archive directory traversal
8082| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
8083| [82053] Apache Ranger up to 0.4.x Policy Admin Tool privilege escalation
8084| [82052] Apache Ranger up to 0.4.x Policy Admin Tool HTTP Request cross site scripting
8085| [81696] Apache ActiveMQ up to 5.13.1 HTTP Header privilege escalation
8086| [81695] Apache Xerces-C up to 3.1.2 internal/XMLReader.cpp memory corruption
8087| [81622] HPE Asset Manager 9.40/9.41/9.50 Apache Commons Collections Library Java Object privilege escalation
8088| [81406] HPE Service Manager up to 9.35 P3/9.41 P1 Apache Commons Collections Library Command privilege escalation
8089| [81405] HPE Operations Orchestration up to 10.50 Apache Commons Collections Library Command privilege escalation
8090| [81427] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
8091| [81426] Apple Mac OS X up to 10.11.3 apache_mod_php PNG File memory corruption
8092| [81372] Apache Struts up to 2.3.24.1 I18NInterceptor cross site scripting
8093| [81371] Apache Struts up to 2.3.24.1 Double OGNL Evaluation privilege escalation
8094| [81370] Apache Struts up to 2.3.24.1 Java URLDecoder cross site scripting
8095| [81084] Apache Tomcat 6.0/7.0/8.0/9.0 ServletContext directory traversal
8096| [81083] Apache Tomcat 7.0/8.0/9.0 Index Page cross site request forgery
8097| [81082] Apache Tomcat 7.0/8.0/9.0 ResourceLinkFactory.setGlobalContext privilege escalation
8098| [81081] Apache Tomcat 6.0/7.0/8.0/9.0 Error information disclosure
8099| [81080] Apache Tomcat 6.0/7.0/8.0/9.0 Session Persistence privilege escalation
8100| [81079] Apache Tomcat 6.0/7.0/8.0/9.0 StatusManagerServlet information disclosure
8101| [81078] Apache Tomcat 7.0/8.0/9.0 Session privilege escalation
8102| [80970] Apache Solr up to 5.3.0 Admin UI plugins.js cross site scripting
8103| [80969] Apache Solr up to 5.2 Schema schema-browser.js cross site scripting
8104| [80968] Apache Solr up to 5.0 analysis.js cross site scripting
8105| [80940] HP Continuous Delivery Automation 1.30 Apache Commons Collections Library privilege escalation
8106| [80823] Apache CloudStack up to 4.5.1 KVM Virtual Machine Migration privilege escalation
8107| [80822] Apache CloudStack up to 4.5.1 API Call information disclosure
8108| [80778] Apache Camel up to 2.15.4/2.16.0 camel-xstream privilege escalation
8109| [80750] HPE Operations Manager 8.x/9.0 on Windows Apache Commons Collections Library privilege escalation
8110| [80724] Apache Hive up to 1.2.1 Authorization Framework privilege escalation
8111| [80577] Oracle Secure Global Desktop 4.63/4.71/5.2 Apache HTTP Server denial of service
8112| [80165] Intel McAfee ePolicy Orchestrator up to 4.6.9/5.0.3/5.3.1 Apache Commons Collections Library privilege escalation
8113| [80116] Apache Subversion up to 1.9.2 svn Protocol libsvn_ra_svn/marshal.c read_string memory corruption
8114| [80115] Apache ActiveMQ up to 5.12.x Broker Service privilege escalation
8115| [80036] IBM Cognos Business Intelligence Apache Commons Collections Library InvokerTransformer privilege escalation
8116| [79873] VMware vCenter Operations/vRealize Orchestrator Apache Commons Collections Library Serialized Java Object privilege escalation
8117| [79840] Apache Cordova File Transfer Plugin up to 1.2.x on Android unknown vulnerability
8118| [79839] Apache TomEE Serialized Java Stream EjbObjectInputStream privilege escalation
8119| [79791] Cisco Products Apache Commons Collections Library privilege escalation
8120| [79539] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
8121| [79538] Apple Mac OS X up to 10.11.1 apache_mod_php memory corruption
8122| [79294] Apache Cordova-Android up to 3.6 BridgeSecret Random Generator weak encryption
8123| [79291] Apache Cordova-Android up to 4.0 Javascript Whitelist privilege escalation
8124| [79244] Apache CXF up to 2.7.17/3.0.7/3.1.2 SAML Web SSO Module SAML Response weak authentication
8125| [79243] Oracle WebLogic Server 10.3.6.0/12.1.2.0/12.1.3.0/12.2.1.0 WLS Security com.bea.core.apache.commons.collections.jar privilege escalation
8126| [78989] Apache Ambari up to 2.1.1 Open Redirect
8127| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
8128| [78987] Apache Ambari up to 2.0.x cross site scripting
8129| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
8130| [78780] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
8131| [78779] Apple Mac OS X up to 10.11.0 apache_mod_php denial of service
8132| [78778] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8133| [78777] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8134| [78776] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8135| [78775] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8136| [78774] Apple Mac OS X up to 10.11.0 apache_mod_php memory corruption
8137| [78297] Apache Commons Components HttpClient up to 4.3.5 HTTPS Timeout denial of service
8138| [77406] Apache Flex BlazeDS AMF Message XML External Entity
8139| [77429] Apache ActiveMQ up to 5.10.0 LDAPLoginModule privilege escalation
8140| [77399] Apache ActiveMQ up to 5.10.0 LDAPLoginModule weak authentication
8141| [77375] Apache Tapestry up to 5.3.5 Client-Side Object Storage privilege escalation
8142| [77331] Apache ActiveMQ up to 5.11.1 on Windows Fileserver Upload/Download directory traversal
8143| [77299] Apache Solr Real-Time Module up to 7.x-1.1 Index Content information disclosure
8144| [77247] Apache ActiveMQ up to 5.10 TransportConnection.java processControlCommand denial of service
8145| [77083] Apache Groovy up to 2.4.3 MethodClosure.java MethodClosure memory corruption
8146| [76953] Apache Subversion 1.7.0/1.8.0/1.8.10 svn_repos_trace_node_locations information disclosure
8147| [76952] Apache Subversion 1.7.0/1.8.0/1.8.10 mod_authz_svn anonymous/authenticated information disclosure
8148| [76567] Apache Struts 2.3.20 unknown vulnerability
8149| [76733] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 ap_some_auth_required unknown vulnerability
8150| [76732] Apache HTTP Server 2.4.7/2.4.8/2.4.9/2.4.10/2.4.12 Request apr_brigade_flatten privilege escalation
8151| [76731] Apache HTTP Server 2.4.12 ErrorDocument 400 Crash denial of service
8152| [75690] Apache Camel up to 2.13.3/2.14.1 XPathBuilder.java XML External Entity
8153| [75689] Apache Camel up to 2.13.3/2.14.1 XML Converter Setup XmlConverter.java SAXSource privilege escalation
8154| [75668] Apache Sling API/Sling Servlets Post up to 2.2.1 HtmlResponse cross site scripting
8155| [75601] Apache Jackrabbit up to 2.10.0 WebDAV Request XML External Entity
8156| [75420] Apache Tomcat up to 6.0.43/7.0.58/8.0.16 Security Manager privilege escalation
8157| [75145] Apache OpenOffice up to 4.1.1 HWP Filter Crash denial of service
8158| [75032] Apache Tomcat Connectors up to 1.2.40 mod_jk privilege escalation
8159| [75135] PHP 5.4/5.5 HTTP Request sapi_apache2.c apache2handler privilege escalation
8160| [74793] Apache Tomcat File Upload denial of service
8161| [74708] Apple MacOS X up to 10.10.2 Apache denial of service
8162| [74707] Apple MacOS X up to 10.10.2 Apache denial of service
8163| [74706] Apple MacOS X up to 10.10.2 Apache memory corruption
8164| [74705] Apple MacOS X up to 10.10.2 Apache denial of service
8165| [74704] Apple MacOS X up to 10.10.2 Apache denial of service
8166| [74703] Apple MacOS X up to 10.10.2 Apache denial of service
8167| [74702] Apple MacOS X up to 10.10.2 Apache denial of service
8168| [74701] Apple MacOS X up to 10.10.2 Apache cross site request forgery
8169| [74700] Apple MacOS X up to 10.10.2 Apache unknown vulnerability
8170| [74661] Apache Flex up to 4.14.0 asdoc index.html cross site scripting
8171| [74609] Apache Cassandra up to 1.2.19/2.0.13/2.1.3 JMX/RMI Interface privilege escalation
8172| [74469] Apache Xerces-C up to 7.0 internal/XMLReader.cpp denial of service
8173| [74468] Apache Batik up to 1.6 denial of service
8174| [74414] Apache Mod-gnutls up to 0.5.1 Authentication spoofing
8175| [74371] Apache Standard Taglibs up to 1.2.0 memory corruption
8176| [74367] Apache HTTP Server up to 2.4.12 mod_lua lua_request.c wsupgrade denial of service
8177| [74174] Apache WSS4J up to 2.0.0 privilege escalation
8178| [74172] Apache ActiveMQ up to 5.5.0 Administration Console cross site scripting
8179| [69092] Apache Tomcat up to 6.0.42/7.0.54/8.0.8 HTTP Request Smuggling privilege escalation
8180| [73831] Apache Qpid up to 0.30 Access Restriction unknown vulnerability
8181| [73731] Apache XML Security unknown vulnerability
8182| [68660] Oracle BI Publisher 10.1.3.4.2/11.1.1.7 Apache Tomcat cross site scripting
8183| [73659] Apache CloudStack up to 4.3.0 Stack-Based unknown vulnerability
8184| [73593] Apache Traffic Server up to 5.1.0 denial of service
8185| [73511] Apache POI up to 3.10 Deadlock denial of service
8186| [73510] Apache Solr up to 4.3.0 cross site scripting
8187| [68447] Apache Subversion up to 1.7.18/1.8.10 mod_dav_svn Crash denial of service
8188| [68446] Apache Subversion up to 1.7.18/1.8.10 REPORT Request Crash denial of service
8189| [73173] Apache CloudStack Stack-Based unknown vulnerability
8190| [68357] Apache Struts up to 2.3.16.3 Random Number Generator cross site request forgery
8191| [73106] Apache Hadoop up to 2.4.0 Symlink privilege escalation
8192| [68575] Apache HTTP Server up to 2.4.10 LuaAuthzProvider mod_lua.c privilege escalation
8193| [72890] Apache Qpid 0.30 unknown vulnerability
8194| [72887] Apache Hive 0.13.0 File Permission privilege escalation
8195| [72878] Apache Cordova 3.5.0 cross site request forgery
8196| [72877] Apache Cordova 3.5.0 cross site request forgery
8197| [72876] Apache Cordova 3.5.0 cross site request forgery
8198| [68435] Apache HTTP Server 2.4.10 mod_proxy_fcgi.c handle_headers denial of service
8199| [68065] Apache CXF up to 3.0.1 JAX-RS SAML denial of service
8200| [68064] Apache CXF up to 3.0.0 SAML Token denial of service
8201| [67913] Oracle Retail Markdown Optimization 12.0/13.0/13.1/13.2/13.4 Apache commons-beanutils-1.8.0.jar memory corruption
8202| [67912] Oracle Retail Invoice Matching up to 14.0 Apache commons-beanutils-1.8.0.jar memory corruption
8203| [67911] Oracle Retail Clearance Optimization Engine 13.3/13.4/14.0 Apache commons-beanutils-1.8.0.jar memory corruption
8204| [67910] Oracle Retail Allocation up to 13.2 Apache commons-beanutils-1.8.0.jar memory corruption
8205| [71835] Apache Shiro 1.0.0/1.1.0/1.2.0/1.2.1/1.2.2 unknown vulnerability
8206| [71633] Apachefriends XAMPP 1.8.1 cross site scripting
8207| [71629] Apache Axis2/C spoofing
8208| [67633] Apple Mac OS X up to 10.9.4 apache_mod_php ext/standard/dns.c dns_get_record memory corruption
8209| [67631] Apple Mac OS X up to 10.9.4 apache_mod_php Symlink memory corruption
8210| [67630] Apple Mac OS X up to 10.9.4 apache_mod_php cdf_read_property_info denial of service
8211| [67629] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_count_chain denial of service
8212| [67628] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_check_stream_offset denial of service
8213| [67627] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c mconvert memory corruption
8214| [67626] Apple Mac OS X up to 10.9.4 apache_mod_php softmagic.c denial of service
8215| [67625] Apple Mac OS X up to 10.9.4 apache_mod_php Crash denial of service
8216| [67624] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_property_info denial of service
8217| [67623] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_unpack_summary_info denial of service
8218| [67622] Apple Mac OS X up to 10.9.4 apache_mod_php cdf.c cdf_read_short_sector denial of service
8219| [67620] Apple Mac OS X up to 10.9.4 apache_mod_php magic/Magdir/commands denial of service
8220| [67790] Apache HTTP Server mod_cache NULL Pointer Dereference denial of service
8221| [67522] Apache Tomcat up to 7.0.39 JSP Upload privilege escalation
8222| [70809] Apache POI up to 3.11 Crash denial of service
8223| [70808] Apache POI up to 3.10 unknown vulnerability
8224| [70806] Apache Commons-httpclient 4.2/4.2.1/4.2.2 spoofing
8225| [70749] Apache Axis up to 1.4 getCN spoofing
8226| [70701] Apache Traffic Server up to 3.3.5 denial of service
8227| [70700] Apache OFBiz up to 12.04.03 cross site scripting
8228| [67402] Apache OpenOffice 4.0.0/4.0.1/4.1.0 Calc privilege escalation
8229| [67401] Apache OpenOffice up to 4.1.0 OLE Object information disclosure
8230| [70661] Apache Subversion up to 1.6.17 denial of service
8231| [70660] Apache Subversion up to 1.6.17 spoofing
8232| [70659] Apache Subversion up to 1.6.17 spoofing
8233| [67183] Apache HTTP Server up to 2.4.9 mod_proxy denial of service
8234| [67180] Apache HTTP Server up to 2.4.9 WinNT MPM Memory Leak denial of service
8235| [67185] Apache HTTP Server up to 2.4.9 mod_status Heap-Based memory corruption
8236| [67184] Apache HTTP Server 2.4.5/2.4.6 mod_cache NULL Pointer Dereference denial of service
8237| [67182] Apache HTTP Server up to 2.4.9 mod_deflate Memory Consumption denial of service
8238| [67181] Apache HTTP Server up to 2.4.9 mod_cgid denial of service
8239| [70338] Apache Syncope up to 1.1.7 unknown vulnerability
8240| [70295] Apache CXF up to 2.7.9 Cleartext information disclosure
8241| [70106] Apache Open For Business Project up to 10.04.0 getServerError cross site scripting
8242| [70105] Apache MyFaces up to 2.1.5 JavaServer Faces directory traversal
8243| [69846] Apache HBase up to 0.94.8 information disclosure
8244| [69783] Apache CouchDB up to 1.2.0 memory corruption
8245| [13383] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 XML Parser privilege escalation
8246| [13300] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi setuid() privilege escalation
8247| [13299] Apache HTTP Server 2.4.1/2.4.2 mod_wsgi Content-Type Header information disclosure
8248| [13164] Apache CXF up to 2.6.13/2.7.10 SOAP OutgoingChainInterceptor.java Invalid Content denial of service
8249| [13163] Apache CXF up to 2.6.13/2.7.10 SOAP HTML Content denial of service
8250| [13158] Apache Struts up to 2.3.16.2 ParametersInterceptor getClass privilege escalation
8251| [69515] Apache Struts up to 2.3.15.0 CookieInterceptor memory corruption
8252| [13086] Apache Struts up to 1.3.10 Class Loader privilege escalation
8253| [13067] Apache Struts up to 2.3.16.1 Class Loader privilege escalation
8254| [69431] Apache Archiva up to 1.3.6 cross site scripting
8255| [69385] Apache Syncope up to 1.1.6 unknown vulnerability
8256| [69338] Apache Xalan-Java up to 2.7.1 system-property unknown vulnerability
8257| [12742] Trustwave ModSecurity up to 2.7.5 Chunk Extension apache2/modsecurity.c modsecurity_tx_init() privilege escalation
8258| [12741] Trustwave ModSecurity up to 2.7.6 Chunked HTTP Transfer apache2/modsecurity.c modsecurity_tx_init Trailing Header privilege escalation
8259| [13387] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Content-Length Header privilege escalation
8260| [13386] Apache Tomcat Security Manager up to 6.0.39/7.0.53/8.0.5 XSLT privilege escalation
8261| [13385] Apache Tomcat 8.0.0/8.0.1/8.0.3 AJP Request Zero Length denial of service
8262| [13384] Apache Tomcat up to 6.0.39/7.0.53/8.0.5 Chunked HTTP Request denial of service
8263| [12748] Apache CouchDB 1.5.0 UUIDS /_uuids denial of service
8264| [66739] Apache Camel up to 2.12.2 unknown vulnerability
8265| [66738] Apache Camel up to 2.12.2 unknown vulnerability
8266| [12667] Apache HTTP Server 2.4.7 mod_log_config.c log_cookie denial of service
8267| [66695] Apache CouchDB up to 1.2.0 cross site scripting
8268| [66694] Apache CouchDB up to 1.2.0 Partition partition2 directory traversal
8269| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
8270| [12518] Apache Tomcat up to 6.0.38/7.0.49/8.0.0-RC9 HTTP Header denial of service
8271| [66498] Apache expressions up to 3.3.0 Whitelist unknown vulnerability
8272| [12781] Apache Struts up to 2.3.8 ParametersInterceptor getClass denial of service
8273| [12439] Apache Tomcat 6.0.33 XML XXE information disclosure
8274| [12438] Apache Tomcat 6.0.33/6.0.34/6.0.35/6.0.36/6.0.37 coyoteadapter.java disableURLRewriting privilege escalation
8275| [66356] Apache Wicket up to 6.8.0 information disclosure
8276| [12209] Apache Tomcat 8.0.0-RC1/8.0.1/7.0.0/7.0.50 Content-Type Header for Multi-Part Request Infinite Loop denial of service
8277| [66322] Apache ActiveMQ up to 5.8.0 cross site scripting
8278| [12291] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
8279| [66255] Apache Open For Business Project up to 10.04.3 cross site scripting
8280| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
8281| [66072] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
8282| [66068] Apache CloudStack up to 4.2.0 Stack-Based unknown vulnerability
8283| [11928] Oracle Secure Global Desktop up to 4.71 Apache Tomcat unknown vulnerability
8284| [11924] Oracle Secure Global Desktop up to 4.63 Apache Tomcat denial of service
8285| [11922] Oracle Secure Global Desktop up to 4.63 Apache Tomcat unknown vulnerability
8286| [66049] Apache XML Security for Java up to 1.4.6 Memory Consumption denial of service
8287| [12199] Apache Subversion up to 1.8.5 mod_dav_svn/repos.c get_resource denial of service
8288| [65946] askapache Firefox Adsense up to 3.0 askapache-firefox-adsense.php cross site request forgery
8289| [65668] Apache Solr 4.0.0 Updater denial of service
8290| [65665] Apache Solr up to 4.3.0 denial of service
8291| [65664] Apache Solr 3.6.0/3.6.1/3.6.2/4.0.0 Updater denial of service
8292| [65663] Apache Solr up to 4.5.1 ResourceLoader directory traversal
8293| [65658] Apache roller 4.0/4.0.1/5.0/5.0.1 unknown vulnerability
8294| [65657] Apache Roller 4.0/4.0.1/5.0/5.0.1 cross site scripting
8295| [11325] Apache Subversion 1.7.13 mod_dontdothat Bypass denial of service
8296| [11324] Apache Subversion up to 1.8.4 mod_dav_svn denial of service
8297| [11098] Apache Tomcat 5.5.25 HTTP Request cross site request forgery
8298| [65410] Apache Struts 2.3.15.3 cross site scripting
8299| [65386] Apache Solr up to 2.2.1 on TYPO3 cross site scripting
8300| [65385] Apache Solr up to 2.2.1 on TYPO3 unknown vulnerability
8301| [11044] Apache Struts 2.3.15.3 showConfig.action cross site scripting
8302| [11043] Apache Struts 2.3.15.3 actionNames.action cross site scripting
8303| [11018] cPanel WHM up to 11.40.0.11 Apache mod_userdir Tweak Interface privilege escalation
8304| [65342] Apache Sling 1.0.2/1.0.4/1.0.6/1.1.0/1.1.2 Auth Core cross site scripting
8305| [65340] Apache Shindig 2.5.0 information disclosure
8306| [65316] Apache Mod Fcgid up to 2.3.7 mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption
8307| [65313] Apache Sling 2.2.0/2.3.0 AbstractCreateOperation.java deepGetOrCreateNode denial of service
8308| [10826] Apache Struts 2 File privilege escalation
8309| [65204] Apache Camel up to 2.10.1 unknown vulnerability
8310| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
8311| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
8312| [10160] Apache Subversion 1.8.0/1.8.1/1.8.2 svnwcsub.py handle_options race condition
8313| [10159] Apache Subversion up to 1.8.2 svnserve write_pid_file() race condition
8314| [10158] Apache Subversion 1.8.0/1.8.1/1.8.2 daemonize.py daemon::daemonize race condition
8315| [10157] Apache Subversion up to 1.8.1 FSFS Repository Symlink privilege escalation
8316| [64808] Fail2ban up to 0.8.9 apache-auth.conf denial of service
8317| [64760] Best Practical RT up to 4.0.12 Apache::Session::File information disclosure
8318| [64722] Apache XML Security for C++ Heap-based memory corruption
8319| [64719] Apache XML Security for C++ Heap-based memory corruption
8320| [64718] Apache XML Security for C++ verify denial of service
8321| [64717] Apache XML Security for C++ getURIBaseTXFM memory corruption
8322| [64716] Apache XML Security for C++ spoofing
8323| [64701] Apache CXF up to 2.7.3 XML Parser Memory Consumption denial of service
8324| [64700] Apache CloudStack up to 4.1.0 Stack-Based cross site scripting
8325| [64667] Apache Open For Business Project up to 10.04.04 unknown vulnerability
8326| [64666] Apache Open For Business Project up to 10.04.04 cross site scripting
8327| [9891] Apache HTTP Server 2.2.22 suEXEC Feature .htaccess information disclosure
8328| [64509] Apache ActiveMQ up to 5.8.0 scheduled.jsp cross site scripting
8329| [9826] Apache Subversion up to 1.8.0 mod_dav_svn denial of service
8330| [9683] Apache HTTP Server 2.4.5 mod_session_dbd denial of service
8331| [64485] Apache Struts up to 2.2.3.0 privilege escalation
8332| [9568] Apache Struts up to 2.3.15 DefaultActionMapper cross site request forgery
8333| [9567] Apache Struts up to 2.3.15 DefaultActionMapper memory corruption
8334| [64467] Apache Geronimo 3.0 memory corruption
8335| [64466] Apache OpenJPA up to 2.2.1 Serialization memory corruption
8336| [64457] Apache Struts up to 2.2.3.0 cross site scripting
8337| [64326] Alejandro Garza Apachesolr Autocomplete up to 7.x-1.1 cross site scripting
8338| [9184] Apache Qpid up to 0.20 SSL misconfiguration
8339| [8935] Apache Subversion up to 1.7.9 FSFS Format Repository denial of service
8340| [8934] Apache Subversion up to 1.7.9 Svnserve Server denial of service
8341| [8933] Apache Subversion up to 1.6.21 check-mime-type.pl svnlook memory corruption
8342| [8932] Apache Subversion up to 1.6.21 svn-keyword-check.pl svnlook changed memory corruption
8343| [9022] Apache Struts up to 2.3.14.2 OGNL Expression memory corruption
8344| [8873] Apache Struts 2.3.14 privilege escalation
8345| [8872] Apache Struts 2.3.14 privilege escalation
8346| [8746] Apache HTTP Server Log File Terminal Escape Sequence Filtering mod_rewrite.c do_rewritelog privilege escalation
8347| [8666] Apache Tomcat up to 7.0.32 AsyncListener information disclosure
8348| [8665] Apache Tomcat up to 7.0.29 Chunked Transfer Encoding Extension Size denial of service
8349| [8664] Apache Tomcat up to 7.0.32 FORM Authentication weak authentication
8350| [64075] Apache Subversion up to 1.7.7 mod_dav_svn Crash denial of service
8351| [64074] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
8352| [64073] Apache Subversion up to 1.7.8 mod_dav_svn NULL Pointer Dereference denial of service
8353| [64072] Apache Subversion up to 1.7.7 mod_dav_svn NULL Pointer Dereference denial of service
8354| [64071] Apache Subversion up to 1.7.8 mod_dav_svn Memory Consumption denial of service
8355| [8768] Apache Struts up to 2.3.14 on Mac EL and OGNL Interpreter memory corruption
8356| [64006] Apache ActiveMQ up to 5.7.0 denial of service
8357| [64005] Apache ActiveMQ up to 5.7.0 Default Configuration denial of service
8358| [64004] Apache ActiveMQ up to 5.7.0 PortfolioPublishServlet.java cross site scripting
8359| [8427] Apache Tomcat Session Transaction weak authentication
8360| [63960] Apache Maven 3.0.4 Default Configuration spoofing
8361| [63751] Apache qpid up to 0.20 qpid::framing::Buffer denial of service
8362| [63750] Apache qpid up to 0.20 checkAvailable denial of service
8363| [63749] Apache Qpid up to 0.20 Memory Consumption denial of service
8364| [63748] Apache Qpid up to 0.20 Default Configuration denial of service
8365| [63747] Apache Rave up to 0.20 User Account information disclosure
8366| [7889] Apache Subversion up to 1.6.17 mod_dav_svn/svn_fs_file_length() denial of service
8367| [63646] Apache HTTP Server up to 2.2.23/2.4.3 mod_proxy_balancer.c balancer_handler cross site scripting
8368| [7688] Apache CXF up to 2.7.1 WSS4JInterceptor Bypass weak authentication
8369| [7687] Apache CXF up to 2.7.2 Token weak authentication
8370| [63334] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
8371| [63299] Apache CXF up to 2.6.0 WS-Security unknown vulnerability
8372| [7202] Apache HTTP Server 2.4.2 on Oracle Solaris ld_library_path cross site scripting
8373| [7075] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector NioEndpoint.java denial of service
8374| [7074] Apache Tomcat up to 6.0.35/7.0.29 FORM Authentication RealmBase.java weak authentication
8375| [7073] Apache Tomcat up to 6.0.35/7.0.31 CSRF Prevention Filter cross site request forgery
8376| [63090] Apache Tomcat up to 4.1.24 denial of service
8377| [63089] Apache HTTP Server up to 2.2.13 mod_proxy_ajp denial of service
8378| [62933] Apache Tomcat up to 5.5.0 Access Restriction unknown vulnerability
8379| [62929] Apache Tomcat up to 6.0.35/7.0.27 NIO Connector Memory Consumption denial of service
8380| [62833] Apache CXF -/2.6.0 spoofing
8381| [62832] Apache Axis2 up to 1.6.2 spoofing
8382| [62831] Apache Axis up to 1.4 Java Message Service spoofing
8383| [62830] Apache Commons-httpclient 3.0 Payments spoofing
8384| [62826] Apache Libcloud up to 0.11.0 spoofing
8385| [62757] Apache Open For Business Project up to 10.04.0 unknown vulnerability
8386| [8830] Red Hat JBoss Enterprise Application Platform 6.0.1 org.apache.catalina.connector.Response.encodeURL information disclosure
8387| [62661] Apache Axis2 unknown vulnerability
8388| [62658] Apache Axis2 unknown vulnerability
8389| [62467] Apache Qpid up to 0.17 denial of service
8390| [62417] Apache CXF 2.4.7/2.4.8/2.5.3/2.5.4/2.6.1 spoofing
8391| [6301] Apache HTTP Server mod_pagespeed cross site scripting
8392| [6300] Apache HTTP Server mod_pagespeed Hostname information disclosure
8393| [6123] Apache Wicket up to 1.5.7 Ajax Link cross site scripting
8394| [62035] Apache Struts up to 2.3.4 denial of service
8395| [61916] Apache QPID 0.14/0.16/0.5/0.6 unknown vulnerability
8396| [6998] Apache Tomcat 5.5.35/6.0.35/7.0.28 DIGEST Authentication Session State Caching privilege escalation
8397| [6997] Apache Tomcat 5.5.35/6.0.35/7.0.28 HTTP Digest Authentication Implementation privilege escalation
8398| [6092] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_ajp.c information disclosure
8399| [6090] Apache HTTP Server 2.4.0/2.4.1/2.4.2 mod_proxy_http.c information disclosure
8400| [61507] Apache POI up to 3.8 UnhandledDataStructure denial of service
8401| [6070] Apache Struts up to 2.3.4 Token Name Configuration Parameter privilege escalation
8402| [6069] Apache Struts up to 2.3.4 Request Parameter OGNL Expression denial of service
8403| [5764] Oracle Solaris 10 Apache HTTP Server information disclosure
8404| [5700] Oracle Secure Backup 10.3.0.3/10.4.0.1 Apache denial of service
8405| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
8406| [61229] Apache Sling up to 2.1.1 denial of service
8407| [61152] Apache Commons-compress 1.0/1.1/1.2/1.3/1.4 denial of service
8408| [61094] Apache Roller up to 5.0 cross site scripting
8409| [61093] Apache Roller up to 5.0 cross site request forgery
8410| [61005] Apache OpenOffice 3.3/3.4 unknown vulnerability
8411| [9673] Apache HTTP Server up to 2.4.4 mod_dav mod_dav.c Request denial of service
8412| [5436] Apache OpenOffice 3.3/3.4 WPXContentListener.cpp _closeTableRow() File memory corruption
8413| [5435] Apache OpenOffice 3.3/3.4 vclmi.dll File memory corruption
8414| [60730] PHP 5.4.0/5.4.1/5.4.2 apache_request_headers memory corruption
8415| [60708] Apache Qpid 0.12 unknown vulnerability
8416| [5032] Apache Hadoop up to 0.20.205.0/1.0.1/0.23.1 Kerberos/MapReduce Security Feature privilege escalation
8417| [4949] Apache Struts File Upload XSLTResult.java XSLT File privilege escalation
8418| [4955] Apache Traffic Server 3.0.3/3.1.2 HTTP Header Parser memory corruption
8419| [4882] Apache Wicket up to 1.5.4 directory traversal
8420| [4881] Apache Wicket up to 1.4.19 cross site scripting
8421| [4884] Apache HTTP Server up to 2.3.6 mod_fcgid fcgid_spawn_ctl.c FcgidMaxProcessesPerClass HTTP Requests denial of service
8422| [60352] Apache Struts up to 2.2.3 memory corruption
8423| [60153] Apache Portable Runtime up to 1.4.3 denial of service
8424| [4598] Apache Struts 1.3.10 upload-submit.do cross site scripting
8425| [4597] Apache Struts 1.3.10 processSimple.do cross site scripting
8426| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
8427| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
8428| [4583] Apache HTTP Server up to 2.2.21 Threaded MPM denial of service
8429| [4582] Apache HTTP Server up to 2.2.21 protocol.c information disclosure
8430| [4571] Apache Struts up to 2.3.1.2 privilege escalation
8431| [4557] Apache Tomcat up to 7.0.21 Caching/Recycling information disclosure
8432| [59934] Apache Tomcat up to 6.0.9 DigestAuthenticator.java unknown vulnerability
8433| [59933] Apache Tomcat up to 6.0.9 Access Restriction unknown vulnerability
8434| [59932] Apache Tomcat up to 6.0.9 unknown vulnerability
8435| [59931] Apache Tomcat up to 6.0.9 Access Restriction information disclosure
8436| [59902] Apache Struts up to 2.2.3 Interfaces unknown vulnerability
8437| [4528] Apache Struts up to 2.2.3 DebuggingInterceptor privilege escalation
8438| [4527] Apache Struts up to 2.2.3 ExceptionDelegator cross site scripting
8439| [59888] Apache Tomcat up to 6.0.6 denial of service
8440| [59886] Apache ActiveMQ up to 5.5.1 Crash denial of service
8441| [4513] Apache Struts up to 2.3.1 ParameterInterceptor directory traversal
8442| [4512] Apache Struts up to 2.2.3 CookieInterceptor command injection
8443| [59850] Apache Geronimo up to 2.2.1 denial of service
8444| [59825] Apache HTTP Server up to 2.1.7 mod_reqtimeout denial of service
8445| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
8446| [58467] Apache libcloud 0.2.0/0.3.0/0.3.1/0.4.0 Access Restriction spoofing
8447| [58413] Apache Tomcat up to 6.0.10 spoofing
8448| [58381] Apache Wicket up to 1.4.17 cross site scripting
8449| [58296] Apache Tomcat up to 7.0.19 unknown vulnerability
8450| [57888] Apache HttpClient 4.0/4.0.1/4.1 Authorization information disclosure
8451| [57587] Apache Subversion up to 1.6.16 mod_dav_svn information disclosure
8452| [57585] Apache Subversion up to 1.6.16 mod_dav_svn Memory Consumption denial of service
8453| [57584] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
8454| [57577] Apache Rampart-C 1.3.0 Access Restriction rampart_timestamp_token_validate privilege escalation
8455| [57568] Apache Archiva up to 1.3.4 cross site scripting
8456| [57567] Apache Archiva up to 1.3.4 cross site request forgery
8457| [57481] Apache Tomcat 7.0.12/7.0.13 Access Restriction unknown vulnerability
8458| [4355] Apache HTTP Server APR apr_fnmatch denial of service
8459| [57435] Apache Struts up to 2.2.1.1 FileHandler.java cross site scripting
8460| [57425] Apache Struts up to 2.2.1.1 cross site scripting
8461| [4352] Apache HTTP Server 2.2.x APR apr_fnmatch denial of service
8462| [57025] Apache Tomcat up to 7.0.11 information disclosure
8463| [57024] Apache Tomcat 7.0.11 Access Restriction information disclosure
8464| [56774] IBM WebSphere Application Server up to 7.0.0.14 org.apache.jasper.runtime.JspWriterImpl.response denial of service
8465| [56824] Apache Subversion up to 1.6.4 mod_dav_svn NULL Pointer Dereference denial of service
8466| [56832] Apache Tomcat up to 7.0.10 Access Restriction information disclosure
8467| [56830] Apache Tomcat up to 7.0.9 Access Restriction privilege escalation
8468| [12440] Apache Tomcat 6.0.33 Malicious Request cross site scripting
8469| [56512] Apache Continuum up to 1.4.0 cross site scripting
8470| [4285] Apache Tomcat 5.x JVM getLocale() denial of service
8471| [4284] Apache Tomcat 5.x HTML Manager cross site scripting
8472| [4283] Apache Tomcat 5.x ServletContect privilege escalation
8473| [56441] Apache Tomcat up to 7.0.6 denial of service
8474| [56300] Apache CouchDB up to 1.0.1 Web Administration Interface cross site scripting
8475| [55967] Apache Subversion up to 1.6.4 rev_hunt.c denial of service
8476| [55966] Apache Subversion up to 1.6.4 mod_dav_svn repos.c walk denial of service
8477| [55095] Apache Axis2 up to 1.6 Default Password memory corruption
8478| [55631] Apache Archiva up to 1.3.1 User Account cross site request forgery
8479| [55556] Apache Tomcat up to 6.0.29 Default Configuration information disclosure
8480| [55553] Apache Tomcat up to 7.0.4 sessionsList.jsp cross site scripting
8481| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
8482| [54881] Apache Subversion up to 1.6.12 mod_dav_svn authz.c privilege escalation
8483| [54879] Apache APR-util up to 0.9.14 mod_reqtimeout apr_brigade_split_line denial of service
8484| [54693] Apache Traffic Server DNS Cache unknown vulnerability
8485| [54416] Apache CouchDB up to 0.11.0 cross site request forgery
8486| [54394] Apache CXF up to 2.2.8 Memory Consumption denial of service
8487| [54261] Apache Tomcat jsp/cal/cal2.jsp cross site scripting
8488| [54166] Apache HTTP Server up to 2.2.12 mod_cache Crash denial of service
8489| [54385] Apache Struts up to 2.1.8.1 ParameterInterceptor unknown vulnerability
8490| [54012] Apache Tomcat up to 6.0.10 denial of service
8491| [53763] Apache Axis2 1.3/1.4/1.4.1/1.5/1.5.1 Memory Consumption denial of service
8492| [53368] Apache MyFaces 1.1.7/1.2.8 cross site scripting
8493| [53397] Apache axis2 1.4.1/1.5.1 Administration Console cross site scripting
8494| [52894] Apache Tomcat up to 6.0.7 information disclosure
8495| [52960] Apache ActiveMQ up to 5.4-snapshot information disclosure
8496| [52843] Apache HTTP Server mod_auth_shadow unknown vulnerability
8497| [52786] Apache Open For Business Project up to 09.04 cross site scripting
8498| [52587] Apache ActiveMQ up to 5.3.0 cross site request forgery
8499| [52586] Apache ActiveMQ up to 5.3.0 cross site scripting
8500| [52584] Apache CouchDB up to 0.10.1 information disclosure
8501| [51757] Apache HTTP Server 2.0.44 cross site scripting
8502| [51756] Apache HTTP Server 2.0.44 spoofing
8503| [51717] Apache HTTP Server up to 1.3.3 mod_proxy ap_proxy_send_fb memory corruption
8504| [51690] Apache Tomcat up to 6.0 directory traversal
8505| [51689] Apache Tomcat up to 6.0 information disclosure
8506| [51688] Apache Tomcat up to 6.0 directory traversal
8507| [50886] HP Operations Manager 8.10 on Windows File Upload org.apache.catalina.manager.HTMLManagerServlet memory corruption
8508| [50802] Apache Tomcat up to 3.3 Default Password weak authentication
8509| [50626] Apache Solr 1.0.0 cross site scripting
8510| [49857] Apache HTTP Server mod_proxy_ftp cross site scripting
8511| [49856] Apache HTTP Server 2.2.13 mod_proxy_ftp ap_proxy_ftp_handler denial of service
8512| [49348] Apache Xerces-C++ 2.7.0 Stack-Based denial of service
8513| [86789] Apache Portable Runtime memory/unix/apr_pools.c unknown vulnerability
8514| [49283] Apache APR-util up to 1.3.8 apr-util misc/apr_rmm.c apr_rmm_realloc memory corruption
8515| [48952] Apache HTTP Server up to 1.3.6 mod_deflate denial of service
8516| [48626] Apache Tomcat up to 4.1.23 Access Restriction directory traversal
8517| [48431] Apache Tomcat up to 4.1.23 j_security_check cross site scripting
8518| [48430] Apache Tomcat up to 4.1.23 mod_jk denial of service
8519| [47801] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site request forgery
8520| [47800] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console cross site scripting
8521| [47799] Apache Geronimo 2.1/2.1.1/2.1.2/2.1.3 Administration Console directory traversal
8522| [47648] Apache Tiles 2.1.0/2.1.1 cross site scripting
8523| [47640] Apache Struts 2.0.11/2.0.6/2.0.8/2.0.9/2.1 cross site scripting
8524| [47638] Apache Tomcat up to 4.1.23 mod_jk information disclosure
8525| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
8526| [47593] Apache Mod Perl 1 perl-status Apache::Status cross site scripting
8527| [47637] Apache Struts 1.0.2/1.1/1.2.4/1.2.7/1.2.8 cross site scripting
8528| [47239] Apache Struts up to 2.1.2 Beta struts directory traversal
8529| [47214] Apachefriends xampp 1.6.8 spoofing
8530| [47213] Apachefriends xampp 1.6.8 htaccess cross site request forgery
8531| [47162] Apachefriends XAMPP 1.4.4 weak authentication
8532| [47065] Apache Tomcat 4.1.23 cross site scripting
8533| [46834] Apache Tomcat up to 5.5.20 cross site scripting
8534| [46004] Apache Jackrabbit 1.4/1.5.0 search.jsp cross site scripting
8535| [49205] Apache Roller 2.3/3.0/3.1/4.0 Search cross site scripting
8536| [86625] Apache Struts directory traversal
8537| [44461] Apache Tomcat up to 5.5.0 information disclosure
8538| [44389] Apache Xerces-C++ XML Parser Memory Consumption denial of service
8539| [44352] Apache Friends XAMPP 1.6.8 adodb.php cross site scripting
8540| [43663] Apache Tomcat up to 6.0.16 directory traversal
8541| [43612] Apache Friends XAMPP 1.6.7 iart.php cross site scripting
8542| [43556] Apache HTTP Server up to 2.1.8 mod_proxy_ftp proxy_ftp.c cross site scripting
8543| [43516] Apache Tomcat up to 4.1.20 directory traversal
8544| [43509] Apache Tomcat up to 6.0.13 cross site scripting
8545| [42637] Apache Tomcat up to 6.0.16 cross site scripting
8546| [42325] Apache HTTP Server up to 2.1.8 Error Page cross site scripting
8547| [41838] Apache-SSL 1.3.34 1.57 expandcert privilege escalation
8548| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
8549| [40924] Apache Tomcat up to 6.0.15 information disclosure
8550| [40923] Apache Tomcat up to 6.0.15 unknown vulnerability
8551| [40922] Apache Tomcat up to 6.0 information disclosure
8552| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
8553| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
8554| [40656] Apache Tomcat 5.5.20 information disclosure
8555| [40503] Apache HTTP Server mod_proxy_ftp cross site scripting
8556| [40502] Apache HTTP Server up to 2.2.5 mod_proxy_balancer memory corruption
8557| [40501] Apache HTTP Server 2.2.6 mod_proxy_balancer cross site request forgery
8558| [40398] Apache HTTP Server up to 2.2 mod_proxy_balancer cross site scripting
8559| [40397] Apache HTTP Server up to 2.2 mod_proxy_balancer balancer_handler denial of service
8560| [40234] Apache Tomcat up to 6.0.15 directory traversal
8561| [40221] Apache HTTP Server 2.2.6 information disclosure
8562| [40027] David Castro Apache Authcas 0.4 sql injection
8563| [3495] Apache OpenOffice up to 2.3 Database Document Processor Designfehler
8564| [3489] Apache HTTP Server 2.x HTTP Header cross site scripting
8565| [3414] Apache Tomcat WebDAV Stored Umgehungs-Angriff
8566| [39489] Apache Jakarta Slide up to 2.1 directory traversal
8567| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
8568| [3310] Apache OpenOffice 1.1.3/2.0.4/2.2.1 TIFF Image Parser Heap-based memory corruption
8569| [38768] Apache HTTP Server up to 2.1.7 mod_autoindex.c cross site scripting
8570| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
8571| [38658] Apache Tomcat 4.1.31 cal2.jsp cross site request forgery
8572| [38524] Apache Geronimo 2.0 unknown vulnerability
8573| [3256] Apache Tomcat up to 6.0.13 cross site scripting
8574| [38331] Apache Tomcat 4.1.24 information disclosure
8575| [38330] Apache Tomcat 4.1.24 information disclosure
8576| [38185] Apache Tomcat 3.3/3.3.1/3.3.1a/3.3.2 Error Message CookieExample cross site scripting
8577| [37967] Apache Tomcat up to 4.1.36 Error Message sendmail.jsp cross site scripting
8578| [37647] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 Authorization unknown vulnerability
8579| [37646] Apache Derby 10.1.1.0/10.1.2.1/10.1.3.1 unknown vulnerability
8580| [3141] Apache Tomcat up to 4.1.31 Accept-Language Header cross site scripting
8581| [3133] Apache Tomcat up to 6.0 HTTP cross site scripting
8582| [37292] Apache Tomcat up to 5.5.1 cross site scripting
8583| [3130] Apache OpenOffice 2.2.1 RTF Document Heap-based memory corruption
8584| [36981] Apache Tomcat JK Web Server Connector up to 1.2.22 mod_jk directory traversal
8585| [36892] Apache Tomcat up to 4.0.0 hello.jsp cross site scripting
8586| [37320] Apache MyFaces Tomahawk up to 1.1.4 cross site scripting
8587| [36697] Apache Tomcat up to 5.5.17 implicit-objects.jsp cross site scripting
8588| [36491] Apache Axis 1.0 Installation javaioFileNotFoundException information disclosure
8589| [36400] Apache Tomcat 5.5.15 mod_jk cross site scripting
8590| [36698] Apache Tomcat up to 4.0.0 cal2.jsp cross site scripting
8591| [36224] XAMPP Apache Distribution up to 1.6.0a adodb.php connect memory corruption
8592| [36225] XAMPP Apache Distribution 1.6.0a sql injection
8593| [2997] Apache httpd/Tomcat 5.5/6.0 directory traversal
8594| [35896] Apache Apache Test up to 1.29 mod_perl denial of service
8595| [35653] Avaya S8300 Cm 3.1.2 Apache Tomcat unknown vulnerability
8596| [35402] Apache Tomcat JK Web Server Connector 1.2.19 mod_jk.so map_uri_to_worker memory corruption
8597| [35067] Apache Stats up to 0.0.2 extract unknown vulnerability
8598| [35025] Apache Stats up to 0.0.3 extract unknown vulnerability
8599| [34252] Apache HTTP Server denial of service
8600| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
8601| [33877] Apache Opentaps 0.9.3 cross site scripting
8602| [33876] Apache Open For Business Project unknown vulnerability
8603| [33875] Apache Open For Business Project cross site scripting
8604| [2703] Apache Jakarta Tomcat up to 5.x der_get_oid() memory corruption
8605| [2611] Apache HTTP Server up to 1.0.1 set_var Format String
8606| [31827] XMB Extreme Message Board up to 1.9.6 Apache HTTP Server memcp.php directory traversal
8607| [2452] Apache HTTP Server up to 2.2.3 on Windows mod_alias unknown vulnerability
8608| [31663] vbPortal Apache HTTP Server index.php directory traversal
8609| [2414] Apache HTTP Server up to 2.2.3 mod_rewrite memory corruption
8610| [2393] Apache HTTP Server up to 2.2.2 HTTP Header cross site scripting
8611| [30623] Apache James 2.2.0 SMTP Server denial of service
8612| [30176] PHP-Fusion up to 6.00.306 Apache HTTP Server .php.gif privilege escalation
8613|
8614| MITRE CVE - https://cve.mitre.org:
8615| [CVE-2013-4156] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.
8616| [CVE-2013-4131] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.
8617| [CVE-2013-3239] phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
8618| [CVE-2013-3060] The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.
8619| [CVE-2013-2765] The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.
8620| [CVE-2013-2251] Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
8621| [CVE-2013-2249] mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.
8622| [CVE-2013-2248] Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix.
8623| [CVE-2013-2189] Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
8624| [CVE-2013-2135] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.
8625| [CVE-2013-2134] Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
8626| [CVE-2013-2115] Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966.
8627| [CVE-2013-2071] java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat 7.x before 7.0.40 does not properly handle the throwing of a RuntimeException in an AsyncListener in an application, which allows context-dependent attackers to obtain sensitive request information intended for other applications in opportunistic circumstances via an application that records the requests that it processes.
8628| [CVE-2013-2067] java/org/apache/catalina/authenticator/FormAuthenticator.java in the form authentication feature in Apache Tomcat 6.0.21 through 6.0.36 and 7.x before 7.0.33 does not properly handle the relationships between authentication requirements and sessions, which allows remote attackers to inject a request into a session by sending this request during completion of the login form, a variant of a session fixation attack.
8629| [CVE-2013-1966] Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.
8630| [CVE-2013-1965] Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.
8631| [CVE-2013-1896] mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
8632| [CVE-2013-1884] The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.
8633| [CVE-2013-1879] Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."
8634| [CVE-2013-1862] mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
8635| [CVE-2013-1849] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
8636| [CVE-2013-1847] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist.
8637| [CVE-2013-1846] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL.
8638| [CVE-2013-1845] The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory.
8639| [CVE-2013-1814] The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
8640| [CVE-2013-1777] The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not property implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object.
8641| [CVE-2013-1768] The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
8642| [CVE-2013-1088] Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 before SP6 Patch 1 allows remote attackers to hijack the authentication of arbitrary users by leveraging improper request validation by iManager code deployed within an Apache Tomcat container.
8643| [CVE-2013-1048] The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.
8644| [CVE-2013-0966] The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
8645| [CVE-2013-0942] Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8646| [CVE-2013-0941] EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.
8647| [CVE-2013-0253] The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
8648| [CVE-2013-0248] The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.
8649| [CVE-2013-0239] Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
8650| [CVE-2012-6573] Cross-site scripting (XSS) vulnerability in the Apache Solr Autocomplete module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving autocomplete results.
8651| [CVE-2012-6551] The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.
8652| [CVE-2012-6092] Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
8653| [CVE-2012-5887] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
8654| [CVE-2012-5886] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
8655| [CVE-2012-5885] The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
8656| [CVE-2012-5786] The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF, possibly 2.6.0, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8657| [CVE-2012-5785] Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8658| [CVE-2012-5784] Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8659| [CVE-2012-5783] Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
8660| [CVE-2012-5633] The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
8661| [CVE-2012-5616] Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
8662| [CVE-2012-5568] Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
8663| [CVE-2012-5351] Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
8664| [CVE-2012-4558] Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
8665| [CVE-2012-4557] The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.
8666| [CVE-2012-4556] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query.
8667| [CVE-2012-4555] The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors.
8668| [CVE-2012-4534] org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
8669| [CVE-2012-4528] The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.
8670| [CVE-2012-4501] Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
8671| [CVE-2012-4460] The serializing/deserializing functions in the qpid::framing::Buffer class in Apache Qpid 0.20 and earlier allow remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. NOTE: this issue could also trigger an out-of-bounds read, but it might not trigger a crash.
8672| [CVE-2012-4459] Integer overflow in the qpid::framing::Buffer::checkAvailable function in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (crash) via a crafted message, which triggers an out-of-bounds read.
8673| [CVE-2012-4458] The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote attackers to cause a denial of service (memory consumption and server crash) via a large number of zero width elements in the client-properties map in a connection.start-ok message.
8674| [CVE-2012-4446] The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.
8675| [CVE-2012-4431] org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
8676| [CVE-2012-4418] Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
8677| [CVE-2012-4387] Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
8678| [CVE-2012-4386] The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks by setting the token name configuration parameter to a session attribute.
8679| [CVE-2012-4360] Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8680| [CVE-2012-4063] The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors.
8681| [CVE-2012-4001] The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
8682| [CVE-2012-3908] Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE Administrator user interface (aka the Apache Tomcat interface) on Cisco Identity Services Engine (ISE) 3300 series appliances before 1.1.0.665 Cumulative Patch 1 allow remote attackers to hijack the authentication of administrators, aka Bug ID CSCty46684.
8683| [CVE-2012-3546] org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
8684| [CVE-2012-3544] Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
8685| [CVE-2012-3526] The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.
8686| [CVE-2012-3513] munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
8687| [CVE-2012-3506] Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
8688| [CVE-2012-3502] The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp module and (2) mod_proxy_http.c in the mod_proxy_http module in the Apache HTTP Server 2.4.x before 2.4.3 does not properly determine the situations that require closing a back-end connection, which allows remote attackers to obtain sensitive information in opportunistic circumstances by reading a response that was intended for a different client.
8689| [CVE-2012-3499] Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.
8690| [CVE-2012-3467] Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote attackers to bypass authentication.
8691| [CVE-2012-3451] Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
8692| [CVE-2012-3446] Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
8693| [CVE-2012-3376] DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and have other unspecified impacts.
8694| [CVE-2012-3373] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequence in an Ajax link URL associated with a Wicket app.
8695| [CVE-2012-3126] Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent.
8696| [CVE-2012-3123] Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server.
8697| [CVE-2012-2760] mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.
8698| [CVE-2012-2733] java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
8699| [CVE-2012-2687] Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.
8700| [CVE-2012-2381] Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
8701| [CVE-2012-2380] Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.
8702| [CVE-2012-2379] Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
8703| [CVE-2012-2378] Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
8704| [CVE-2012-2329] Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request.
8705| [CVE-2012-2145] Apache Qpid 0.17 and earlier does not properly restrict incoming client connections, which allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of incomplete connections.
8706| [CVE-2012-2138] The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request.
8707| [CVE-2012-2098] Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
8708| [CVE-2012-1574] The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote authenticated users to impersonate arbitrary cluster user accounts via unspecified vectors.
8709| [CVE-2012-1181] fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.
8710| [CVE-2012-1089] Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 and 1.5.x before 1.5.5 allows remote attackers to read arbitrary web-application files via a relative pathname in a URL for a Wicket resource that corresponds to a null package.
| [CVE-2012-1007] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.
| [CVE-2012-1006] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.
| [CVE-2012-0883] envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.
| [CVE-2012-0840] tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
| [CVE-2012-0838] Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows remote attackers to modify run-time data values, and consequently execute arbitrary code, via invalid input to a field.
| [CVE-2012-0788] The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
| [CVE-2012-0394] ** DISPUTED ** The DebuggingInterceptor component in Apache Struts before 2.3.1.1, when developer mode is used, allows remote attackers to execute arbitrary commands via unspecified vectors. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself."
| [CVE-2012-0393] The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted parameter that triggers the creation of a Java object.
| [CVE-2012-0392] The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.
| [CVE-2012-0391] The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter.
| [CVE-2012-0256] Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.
| [CVE-2012-0216] The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.
| [CVE-2012-0213] The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| [CVE-2012-0053] protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
| [CVE-2012-0047] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter.
| [CVE-2012-0031] scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
| [CVE-2012-0022] Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
| [CVE-2012-0021] The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.
| [CVE-2011-5064] DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5063] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5062] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
| [CVE-2011-5057] Apache Struts 2.3.1.1 and earlier provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor."
| [CVE-2011-5034] Apache Geronimo 2.2.1 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. NOTE: this might overlap CVE-2011-4461.
| [CVE-2011-4905] Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.
| [CVE-2011-4858] Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
| [CVE-2011-4668] IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server.
| [CVE-2011-4449] actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
| [CVE-2011-4415] The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.
| [CVE-2011-4317] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3639] The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
| [CVE-2011-3620] Apache Qpid 0.12 does not properly verify credentials during the joining of a cluster, which allows remote attackers to obtain access to the messaging functionality and job functionality of a cluster by leveraging knowledge of a cluster-username.
| [CVE-2011-3607] Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.
| [CVE-2011-3376] org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
| [CVE-2011-3375] Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
| [CVE-2011-3368] The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
| [CVE-2011-3348] The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
| [CVE-2011-3192] The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
| [CVE-2011-3190] Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
| [CVE-2011-2729] native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
| [CVE-2011-2712] Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.18, when setAutomaticMultiWindowSupport is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| [CVE-2011-2688] SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
| [CVE-2011-2526] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
| [CVE-2011-2516] Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.
| [CVE-2011-2481] Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application. NOTE: this vulnerability exists because of a CVE-2009-0783 regression.
| [CVE-2011-2329] The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730.
| [CVE-2011-2204] Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
| [CVE-2011-2088] XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3.
| [CVE-2011-2087] Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
| [CVE-2011-1928] The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
| [CVE-2011-1921] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
| [CVE-2011-1783] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is enabled, allows remote attackers to cause a denial of service (infinite loop and memory consumption) in opportunistic circumstances by requesting data.
| [CVE-2011-1772] Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) the method attribute of an s:submit element.
| [CVE-2011-1752] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.17, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request for a baselined WebDAV resource, as exploited in the wild in May 2011.
| [CVE-2011-1610] Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| [CVE-2011-1582] Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419.
| [CVE-2011-1571] Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
| [CVE-2011-1570] Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
| [CVE-2011-1503] The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
| [CVE-2011-1502] Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
| [CVE-2011-1498] Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
| [CVE-2011-1475] The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."
| [CVE-2011-1419] Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
| [CVE-2011-1318] Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) by accessing a JSP page of an application that is repeatedly stopped and restarted.
| [CVE-2011-1184] The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
| [CVE-2011-1183] Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
| [CVE-2011-1176] The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
| [CVE-2011-1088] Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application.
| [CVE-2011-1077] Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2011-1026] Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.
| [CVE-2011-0715] The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
| [CVE-2011-0534] Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
| [CVE-2011-0533] Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta
| [CVE-2011-0419] Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
| [CVE-2011-0013] Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
| [CVE-2010-4644] Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
| [CVE-2010-4539] The walk function in repos.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger the walking of SVNParentPath collections.
| [CVE-2010-4476] The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
| [CVE-2010-4455] Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.2 and 11.1.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Apache Plugin.
| [CVE-2010-4408] Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449.
| [CVE-2010-4312] The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
| [CVE-2010-4172] Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
| [CVE-2010-3872] The fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.6 for the Apache HTTP Server does not use bytewise pointer arithmetic in certain circumstances, which has unspecified impact and attack vectors related to "untrusted FastCGI applications" and a "stack buffer overwrite."
| [CVE-2010-3863] Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.
| [CVE-2010-3854] Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| [CVE-2010-3718] Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
| [CVE-2010-3449] Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1
| [CVE-2010-3315] authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
| [CVE-2010-3083] sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake.
| [CVE-2010-2952] Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, does not properly choose DNS source ports and transaction IDs, and does not properly use DNS query fields to validate responses, which makes it easier for man-in-the-middle attackers to poison the internal DNS cache via a crafted response.
| [CVE-2010-2791] mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
| [CVE-2010-2375] Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
| [CVE-2010-2234] Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL.
| [CVE-2010-2227] Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
| [CVE-2010-2103] Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
| [CVE-2010-2086] Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
| [CVE-2010-2076] Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.
| [CVE-2010-2068] mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.
| [CVE-2010-2057] shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
| [CVE-2010-1632] Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server (WAS) 7.0 through 7.0.0.12, IBM Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, IBM Feature Pack for Web 2.0 1.0.1.0, Apache Synapse, Apache ODE, Apache Tuscany, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to the Synapse SimpleStockQuoteService.
| [CVE-2010-1623] Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
| [CVE-2010-1587] The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.
| [CVE-2010-1452] The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
| [CVE-2010-1325] Cross-site request forgery (CSRF) vulnerability in the apache2-slms package in SUSE Lifecycle Management Server (SLMS) 1.0 on SUSE Linux Enterprise (SLE) 11 allows remote attackers to hijack the authentication of unspecified victims via vectors related to improper parameter quoting. NOTE: some sources report that this is a vulnerability in a product named "Apache SLMS," but that is incorrect.
| [CVE-2010-1244] Cross-site request forgery (CSRF) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote attackers to hijack the authentication of unspecified victims for requests that create queues via the JMSDestination parameter in a queue action.
| [CVE-2010-1157] Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
| [CVE-2010-1151] Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.
| [CVE-2010-0684] Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
8818| [CVE-2010-0434] The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
8819| [CVE-2010-0432] Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
8820| [CVE-2010-0425] modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
8821| [CVE-2010-0408] The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.
8822| [CVE-2010-0390] Unrestricted file upload vulnerability in maxImageUpload/index.php in PHP F1 Max's Image Uploader 1.0, when Apache is not configured to handle the mime-type for files with pjpeg or jpeg extensions, allows remote attackers to execute arbitrary code by uploading a file with a pjpeg or jpeg extension, then accessing it via a direct request to the file in original/. NOTE: some of these details are obtained from third party information.
8823| [CVE-2010-0219] Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
8824| [CVE-2010-0010] Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size that triggers a heap-based buffer overflow.
8825| [CVE-2010-0009] Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords.
8826| [CVE-2009-5120] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 allows connections to TCP port 1812 from arbitrary source IP addresses, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 text to the 404 error page of a Project Woodstock service on this port.
8827| [CVE-2009-5119] The default configuration of Apache Tomcat in Websense Manager in Websense Web Security 7.0 and Web Filter 7.0 enables weak SSL ciphers in conf/server.xml, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and then conducting a brute-force attack against encrypted session data.
8828| [CVE-2009-5006] The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in broker/SessionAdapter.cpp in the C++ Broker component in Apache Qpid before 0.6, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote authenticated users to cause a denial of service (NULL pointer dereference, daemon crash, and cluster outage) by attempting to modify the alternate of an exchange.
8829| [CVE-2009-5005] The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache Qpid, as used in Red Hat Enterprise MRG before 1.3 and other products, allows remote attackers to cause a denial of service (daemon crash and cluster outage) via invalid AMQP data.
8830| [CVE-2009-4355] Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
8831| [CVE-2009-4269] The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
8832| [CVE-2009-3923] The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop Infrastructure (VDI) 3.0 does not require authentication, which allows remote attackers to obtain unspecified access via vectors involving requests to an Apache HTTP Server.
8833| [CVE-2009-3890] Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.
8834| [CVE-2009-3843] HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
8835| [CVE-2009-3821] Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8836| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
8837| [CVE-2009-3548] The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
8838| [CVE-2009-3250] The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
8839| [CVE-2009-3095] The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
8840| [CVE-2009-3094] The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.
8841| [CVE-2009-2902] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
8842| [CVE-2009-2901] The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
8843| [CVE-2009-2823] The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
8844| [CVE-2009-2699] The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.
8845| [CVE-2009-2696] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
8846| [CVE-2009-2693] Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
8847| [CVE-2009-2625] XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
8848| [CVE-2009-2412] Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR
8849| [CVE-2009-2299] The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.
8850| [CVE-2009-1956] Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.
8851| [CVE-2009-1955] The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
8852| [CVE-2009-1903] The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
8853| [CVE-2009-1891] The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).
8854| [CVE-2009-1890] The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.
8855| [CVE-2009-1885] Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
8856| [CVE-2009-1462] The Security Manager in razorCMS before 0.4 does not verify the permissions of every file owned by the apache user account, which is inconsistent with the documentation and allows local users to have an unspecified impact.
8857| [CVE-2009-1275] Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.
8858| [CVE-2009-1195] The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
8859| [CVE-2009-1191] mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
8860| [CVE-2009-1012] Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.
8861| [CVE-2009-0918] Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.
8862| [CVE-2009-0796] Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.
8863| [CVE-2009-0783] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
8864| [CVE-2009-0781] Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
8865| [CVE-2009-0754] PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
8866| [CVE-2009-0580] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
8867| [CVE-2009-0486] Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
8868| [CVE-2009-0039] Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown.
8869| [CVE-2009-0038] Multiple cross-site scripting (XSS) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) ip, (3) username, or (4) description parameter to console/portal/Server/Monitoring
8870| [CVE-2009-0033] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
8871| [CVE-2009-0026] Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
8872| [CVE-2009-0023] The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.
8873| [CVE-2008-6879] Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.
8874| [CVE-2008-6755] ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.
8875| [CVE-2008-6722] Novell Access Manager 3 SP4 does not properly expire X.509 certificate sessions, which allows physically proximate attackers to obtain a logged-in session by using a victim's web-browser process that continues to send the original and valid SSL sessionID, related to inability of Apache Tomcat to clear entries from its SSL cache.
8876| [CVE-2008-6682] Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.
8877| [CVE-2008-6505] Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.
8878| [CVE-2008-6504] ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and 2.1.x before 2.1.2, as used in Apache Struts and other products, does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
8879| [CVE-2008-5696] Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
8880| [CVE-2008-5676] Multiple unspecified vulnerabilities in the ModSecurity (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when SecCacheTransformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."
8881| [CVE-2008-5519] The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
8882| [CVE-2008-5518] Multiple directory traversal vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 on Windows allow remote attackers to upload files to arbitrary directories via directory traversal sequences in the (1) group, (2) artifact, (3) version, or (4) fileType parameter to console/portal//Services/Repository (aka the Services/Repository portlet)
8883| [CVE-2008-5515] Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
8884| [CVE-2008-5457] Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
8885| [CVE-2008-4308] The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request.
8886| [CVE-2008-4008] Unspecified vulnerability in the WebLogic Server Plugins for Apache component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a stack-based buffer overflow in the WebLogic Apache Connector, related to an invalid parameter.
8887| [CVE-2008-3666] Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured
8888| [CVE-2008-3271] Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.
8889| [CVE-2008-3257] Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
8890| [CVE-2008-2939] Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
8891| [CVE-2008-2938] Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
8892| [CVE-2008-2742] Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
8893| [CVE-2008-2717] TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
8894| [CVE-2008-2579] Unspecified vulnerability in the WebLogic Server Plugins for Apache, Sun and IIS web servers component in Oracle BEA Product Suite 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, and 6.1 SP7 has unknown impact and remote attack vectors.
8895| [CVE-2008-2384] SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
8896| [CVE-2008-2370] Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
8897| [CVE-2008-2364] The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
8898| [CVE-2008-2168] Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
8899| [CVE-2008-2025] Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."
8900| [CVE-2008-1947] Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
8901| [CVE-2008-1734] Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
8902| [CVE-2008-1678] Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm.
8903| [CVE-2008-1232] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
8904| [CVE-2008-0869] Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
8905| [CVE-2008-0732] The init script for Apache Geronimo on SUSE Linux follows symlinks when performing a chown operation, which might allow local users to obtain access to unspecified files or directories.
8906| [CVE-2008-0555] The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 does not properly handle (1) '/' and (2) '=' characters in a Distinguished Name (DN) in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables.
8907| [CVE-2008-0457] Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
8908| [CVE-2008-0456] CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8909| [CVE-2008-0455] Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
8910| [CVE-2008-0128] The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
8911| [CVE-2008-0005] mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.
8912| [CVE-2008-0002] Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context of the wrong request when an exception occurs during parameter processing, which might allow remote attackers to obtain sensitive information, as demonstrated by disconnecting during this processing in order to trigger the exception.
8913| [CVE-2007-6750] The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.
8914| [CVE-2007-6726] Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.
8915| [CVE-2007-6514] Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
8916| [CVE-2007-6423] ** DISPUTED ** Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue.
8917| [CVE-2007-6422] The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.
8918| [CVE-2007-6421] Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
8919| [CVE-2007-6420] Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
8920| [CVE-2007-6388] Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8921| [CVE-2007-6361] Gekko 0.8.2 and earlier stores sensitive information under the web root with possibly insufficient access control, which might allow remote attackers to read certain files under temp/, as demonstrated by a log file that records the titles of blog entries. NOTE: access to temp/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
8922| [CVE-2007-6342] SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
8923| [CVE-2007-6286] Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
8924| [CVE-2007-6258] Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header.
8925| [CVE-2007-6231] Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the tm_includepath parameter to (1) Classes.inc.php, (2) statistic.inc.php, (3) status.inc.php, (4) status_top_x.inc.php, or (5) libchart-1.1/libchart.php in include/. NOTE: access to include/ is blocked by .htaccess in most deployments that use Apache HTTP Server.
8926| [CVE-2007-6203] Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
8927| [CVE-2007-5797] SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
8928| [CVE-2007-5731] Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
8929| [CVE-2007-5461] Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
8930| [CVE-2007-5342] The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.
8931| [CVE-2007-5333] Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
8932| [CVE-2007-5156] Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
8933| [CVE-2007-5085] Unspecified vulnerability in the management EJB (MEJB) in Apache Geronimo before 2.0.2 allows remote attackers to bypass authentication and obtain "access to Geronimo internals" via unspecified vectors.
8934| [CVE-2007-5000] Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8935| [CVE-2007-4724] Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the calendar examples application in Apache Tomcat 4.1.31 allows remote attackers to add events as arbitrary users via the time and description parameters.
8936| [CVE-2007-4723] Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
8937| [CVE-2007-4641] Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file.
8938| [CVE-2007-4556] Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via form input beginning with a "%{" sequence and ending with a "}" character.
8939| [CVE-2007-4548] The login method in LoginModule implementations in Apache Geronimo 2.0 does not throw FailedLoginException for failed logins, which allows remote attackers to bypass authentication requirements, deploy arbitrary modules, and gain administrative access by sending a blank username and password with the command line deployer in the deployment module.
8940| [CVE-2007-4465] Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
8941| [CVE-2007-3847] The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.
8942| [CVE-2007-3571] The Apache Web Server as used in Novell NetWare 6.5 and GroupWise allows remote attackers to obtain sensitive information via a certain directive to Apache that causes the HTTP-Header response to be modified, which may reveal the server's internal IP address.
8943| [CVE-2007-3386] Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
8944| [CVE-2007-3385] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
8945| [CVE-2007-3384] Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error messages.
8946| [CVE-2007-3383] Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
8947| [CVE-2007-3382] Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
8948| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
8949| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
8950| [CVE-2007-3101] Multiple cross-site scripting (XSS) vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client.
8951| [CVE-2007-2450] Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
8952| [CVE-2007-2449] Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the '
8953| [CVE-2007-2353] Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
8954| [CVE-2007-2025] Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file.
8955| [CVE-2007-1863] cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.
8956| [CVE-2007-1862] The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.
8957| [CVE-2007-1860] mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.
8958| [CVE-2007-1858] The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers, including the anonymous cipher, which allows remote attackers to obtain sensitive information or have other, unspecified impacts.
8959| [CVE-2007-1842] Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.
8960| [CVE-2007-1801] Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by inc/lang.php.
8961| [CVE-2007-1743] suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.
8962| [CVE-2007-1742] suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
8963| [CVE-2007-1741] Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."
8964| [CVE-2007-1720] Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.
8965| [CVE-2007-1636] Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
8966| [CVE-2007-1633] Directory traversal vulnerability in bbcode_ref.php in the Giorgio Ciranni Splatt Forum 4.0 RC1 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode_ref.php.
8967| [CVE-2007-1577] Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8968| [CVE-2007-1539] Directory traversal vulnerability in inc/map.func.php in pragmaMX Landkarten 2.1 module allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the module_name parameter, as demonstrated via a static PHP code injection attack in an Apache log file.
8969| [CVE-2007-1524] Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
8970| [CVE-2007-1491] Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and Avaya SES allows connections from external interfaces via port 8009, which exposes it to attacks from outside parties.
8971| [CVE-2007-1358] Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
8972| [CVE-2007-1349] PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.
8973| [CVE-2007-0975] Variable extraction vulnerability in Ian Bezanson Apache Stats before 0.0.3 beta allows attackers to overwrite critical variables, with unknown impact, when the extract function is used on the _REQUEST superglobal array.
8974| [CVE-2007-0930] Variable extract vulnerability in Apache Stats before 0.0.3beta allows attackers to modify arbitrary variables and conduct attacks via unknown vectors involving the use of PHP's extract function.
8975| [CVE-2007-0792] The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file.
8976| [CVE-2007-0774] Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
8977| [CVE-2007-0637] Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.
8978| [CVE-2007-0451] Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."
8979| [CVE-2007-0450] Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
8980| [CVE-2007-0419] The BEA WebLogic Server proxy plug-in before June 2006 for the Apache HTTP Server does not properly handle protocol errors, which allows remote attackers to cause a denial of service (server outage).
8981| [CVE-2007-0173] Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when register_globals is enabled and magic_quotes is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8982| [CVE-2007-0098] Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
8983| [CVE-2007-0086] ** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
8984| [CVE-2006-7217] Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
8985| [CVE-2006-7216] Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
8986| [CVE-2006-7197] The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for chunks, which can cause a buffer over-read in the ajp_process_callback in mod_jk, which allows remote attackers to read portions of sensitive memory.
8987| [CVE-2006-7196] Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
8988| [CVE-2006-7195] Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values.
8989| [CVE-2006-7098] The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
8990| [CVE-2006-6869] Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8991| [CVE-2006-6675] Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.
8992| [CVE-2006-6613] Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in the pa_lang[include_file] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
8993| [CVE-2006-6589] Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. NOTE: some of these details are obtained from third party information.
8994| [CVE-2006-6588] The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown impact.
8995| [CVE-2006-6587] Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
8996| [CVE-2006-6445] Directory traversal vulnerability in error.php in Envolution 1.1.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
8997| [CVE-2006-6071] TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
8998| [CVE-2006-6047] Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
8999| [CVE-2006-5894] Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by lang.php.
9000| [CVE-2006-5752] Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified.
9001| [CVE-2006-5733] Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang (PNSV lang) cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
9002| [CVE-2006-5263] Directory traversal vulnerability in templates/header.php3 in phpMyAgenda 3.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter, as demonstrated by a parameter value naming an Apache HTTP Server log file that apparently contains PHP code.
9003| [CVE-2006-4994] Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
9004| [CVE-2006-4636] Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
9005| [CVE-2006-4625] PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
9006| [CVE-2006-4558] DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
9007| [CVE-2006-4191] Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by header.php.
9008| [CVE-2006-4154] Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
9009| [CVE-2006-4110] Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
9010| [CVE-2006-4004] Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
9011| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
9012| [CVE-2006-3835] Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (
9013| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
9014| [CVE-2006-3362] Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
9015| [CVE-2006-3102] Race condition in articles/BitArticle.php in Bitweaver 1.3, when run on Apache with the mod_mime extension, allows remote attackers to execute arbitrary PHP code by uploading arbitrary files with double extensions, which are stored for a small period of time under the webroot in the temp/articles directory.
9016| [CVE-2006-3070] write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
9017| [CVE-2006-2831] Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743.
9018| [CVE-2006-2806] The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
9019| [CVE-2006-2743] Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
9020| [CVE-2006-2514] Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
9021| [CVE-2006-2330] PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
9022| [CVE-2006-1777] Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
9023| [CVE-2006-1564] Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
9024| [CVE-2006-1548] Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
9025| [CVE-2006-1547] ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
9026| [CVE-2006-1546] Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
9027| [CVE-2006-1393] Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
9028| [CVE-2006-1346] Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
9029| [CVE-2006-1292] Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
9030| [CVE-2006-1243] Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php.
9031| [CVE-2006-1095] Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
9032| [CVE-2006-1079] htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
9033| [CVE-2006-1078] Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
9034| [CVE-2006-0743] Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
9035| [CVE-2006-0254] Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.
9036| [CVE-2006-0150] Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allow remote attackers to execute arbitrary code via various vectors, including the username.
9037| [CVE-2006-0144] The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.
9038| [CVE-2006-0042] Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.
9039| [CVE-2005-4857] eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
9040| [CVE-2005-4849] Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
9041| [CVE-2005-4836] The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
9042| [CVE-2005-4814] Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.
9043| [CVE-2005-4703] Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
9044| [CVE-2005-3745] Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.
9045| [CVE-2005-3630] Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
9046| [CVE-2005-3510] Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
9047| [CVE-2005-3392] Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
9048| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
9049| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
9050| [CVE-2005-3319] The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
9051| [CVE-2005-3164] The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
9052| [CVE-2005-2970] Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.
9053| [CVE-2005-2963] The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
9054| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
9055| [CVE-2005-2660] apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.
9056| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
9057| [CVE-2005-1754] ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
9058| [CVE-2005-1753] ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
9059| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
9060| [CVE-2005-1268] Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
9061| [CVE-2005-1266] Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
9062| [CVE-2005-0808] Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
9063| [CVE-2005-0182] The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.
9064| [CVE-2005-0108] Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
9065| [CVE-2004-2734] webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
9066| [CVE-2004-2680] mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
9067| [CVE-2004-2650] Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
9068| [CVE-2004-2343] ** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
9069| [CVE-2004-2336] Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server.
9070| [CVE-2004-2115] Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
9071| [CVE-2004-1834] mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
9072| [CVE-2004-1765] Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
9073| [CVE-2004-1545] UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
9074| [CVE-2004-1438] The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.
9075| [CVE-2004-1405] MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
9076| [CVE-2004-1404] Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
9077| [CVE-2004-1387] The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
9078| [CVE-2004-1084] Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
9079| [CVE-2004-1083] Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
9080| [CVE-2004-1082] mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
9081| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
9082| [CVE-2004-0940] Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
9083| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
9084| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
9085| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
9086| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
9087| [CVE-2004-0751] The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
9088| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
9089| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
9090| [CVE-2004-0700] Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
9091| [CVE-2004-0646] Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
9092| [CVE-2004-0529] The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
9093| [CVE-2004-0493] The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
9094| [CVE-2004-0492] Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
9095| [CVE-2004-0490] cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
9096| [CVE-2004-0488] Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.
9097| [CVE-2004-0263] PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
9098| [CVE-2004-0174] Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
9099| [CVE-2004-0173] Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
9100| [CVE-2004-0113] Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
9101| [CVE-2004-0009] Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
9102| [CVE-2003-1581] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
9103| [CVE-2003-1580] The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
9104| [CVE-2003-1573] The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
9105| [CVE-2003-1521] Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
9106| [CVE-2003-1516] The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
9107| [CVE-2003-1502] mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
9108| [CVE-2003-1418] Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
9109| [CVE-2003-1307] ** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP."
9110| [CVE-2003-1172] Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
9111| [CVE-2003-1171] Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
9112| [CVE-2003-1138] The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
9113| [CVE-2003-1054] mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference.
9114| [CVE-2003-0993] mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
9115| [CVE-2003-0987] mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using an AuthNonce secret.
9116| [CVE-2003-0866] The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
9117| [CVE-2003-0844] mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
9118| [CVE-2003-0843] Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an "Accept-Encoding: gzip" header.
9119| [CVE-2003-0789] mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
9120| [CVE-2003-0771] Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.
9121| [CVE-2003-0658] Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.
9122| [CVE-2003-0542] Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.
9123| [CVE-2003-0460] The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service.
9124| [CVE-2003-0254] Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.
9125| [CVE-2003-0253] The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
9126| [CVE-2003-0249] ** DISPUTED ** PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to bypass intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report."
9127| [CVE-2003-0245] Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
9128| [CVE-2003-0192] Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.
9129| [CVE-2003-0189] The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.
9130| [CVE-2003-0134] Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.
9131| [CVE-2003-0132] A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
9132| [CVE-2003-0083] Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.
9133| [CVE-2003-0020] Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
9134| [CVE-2003-0017] Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
9135| [CVE-2003-0016] Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
9136| [CVE-2002-2310] ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.
9137| [CVE-2002-2309] php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
9138| [CVE-2002-2272] Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
9139| [CVE-2002-2103] Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
9140| [CVE-2002-2029] PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
9141| [CVE-2002-2012] Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
9142| [CVE-2002-2009] Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.
9143| [CVE-2002-2008] Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
9144| [CVE-2002-2007] The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.
9145| [CVE-2002-2006] The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
9146| [CVE-2002-1895] The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using IIS and the ajp1.3 connector, allows remote attackers to cause a denial of service (crash) via a large number of HTTP GET requests for an MS-DOS device such as AUX, LPT1, CON, or PRN.
9147| [CVE-2002-1850] mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.
9148| [CVE-2002-1793] HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS (VVOS) 4.5 through 4.6 closes the connection when the Apache server times out during an SSL request, which may allow attackers to cause a denial of service.
9149| [CVE-2002-1658] Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
9150| [CVE-2002-1635] The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
9151| [CVE-2002-1593] mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.
9152| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
9153| [CVE-2002-1567] Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
9154| [CVE-2002-1394] Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
9155| [CVE-2002-1233] A regression error in the Debian distributions of the apache-ssl package (before 1.3.9 on Debian 2.2, and before 1.3.26 on Debian 3.0), for Apache 1.3.27 and earlier, allows local users to read or modify the Apache password file via a symlink attack on temporary files when the administrator runs (1) htpasswd or (2) htdigest, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2001-0131.
9156| [CVE-2002-1157] Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
9157| [CVE-2002-1156] Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
9158| [CVE-2002-1148] The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
9159| [CVE-2002-0935] Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
9160| [CVE-2002-0843] Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
9161| [CVE-2002-0840] Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
9162| [CVE-2002-0839] The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
9163| [CVE-2002-0682] Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
9164| [CVE-2002-0661] Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
9165| [CVE-2002-0658] OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
9166| [CVE-2002-0654] Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
9167| [CVE-2002-0653] Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
9168| [CVE-2002-0513] The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
9169| [CVE-2002-0493] Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
9170| [CVE-2002-0392] Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
9171| [CVE-2002-0259] InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.
9172| [CVE-2002-0249] PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.
9173| [CVE-2002-0240] PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.
9174| [CVE-2002-0082] The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
9175| [CVE-2002-0061] Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
9176| [CVE-2001-1556] The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.
9177| [CVE-2001-1534] mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.
9178| [CVE-2001-1510] Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
9179| [CVE-2001-1449] The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
9180| [CVE-2001-1385] The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
9181| [CVE-2001-1342] Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
9182| [CVE-2001-1217] Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
9183| [CVE-2001-1216] Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.
9184| [CVE-2001-1072] Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
9185| [CVE-2001-1013] Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server.
9186| [CVE-2001-0925] The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.
9187| [CVE-2001-0829] A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
9188| [CVE-2001-0766] Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
9189| [CVE-2001-0731] Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
9190| [CVE-2001-0730] split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
9191| [CVE-2001-0729] Apache 1.3.20 on Windows servers allows remote attackers to bypass the default index page and list directory contents via a URL with a large number of / (slash) characters.
9192| [CVE-2001-0590] Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
9193| [CVE-2001-0131] htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.
9194| [CVE-2001-0108] PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
9195| [CVE-2001-0042] PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
9196| [CVE-2000-1247] The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI.
9197| [CVE-2000-1210] Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
9198| [CVE-2000-1206] Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.
9199| [CVE-2000-1205] Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
9200| [CVE-2000-1204] Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.
9201| [CVE-2000-1168] IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
9202| [CVE-2000-1016] The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
9203| [CVE-2000-0913] mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
9204| [CVE-2000-0883] The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
9205| [CVE-2000-0869] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
9206| [CVE-2000-0868] The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
9207| [CVE-2000-0791] Trustix installs the httpsd program for Apache-SSL with world-writeable permissions, which allows local users to replace it with a Trojan horse.
9208| [CVE-2000-0760] The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
9209| [CVE-2000-0759] Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
9210| [CVE-2000-0628] The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
9211| [CVE-2000-0505] The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
9212| [CVE-1999-1412] A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
9213| [CVE-1999-1293] mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.
9214| [CVE-1999-1237] Multiple buffer overflows in smbvalid/smbval SMB authentication library, as used in Apache::AuthenSmb and possibly other modules, allows remote attackers to execute arbitrary commands via (1) a long username, (2) a long password, and (3) other unspecified methods.
9215| [CVE-1999-1199] Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
9216| [CVE-1999-1053] guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
9217| [CVE-1999-0926] Apache allows remote attackers to conduct a denial of service via a large number of MIME headers.
9218| [CVE-1999-0678] A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
9219| [CVE-1999-0448] IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
9220| [CVE-1999-0289] The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
9221| [CVE-1999-0236] ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
9222| [CVE-1999-0107] Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
9223| [CVE-1999-0071] Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
9224|
9225| SecurityFocus - https://www.securityfocus.com/bid/:
9226| [104554] Apache HBase CVE-2018-8025 Security Bypass Vulnerability
9227| [104465] Apache Geode CVE-2017-15695 Remote Code Execution Vulnerability
9228| [104418] Apache Storm CVE-2018-8008 Arbitrary File Write Vulnerability
9229| [104399] Apache Storm CVE-2018-1332 User Impersonation Vulnerability
9230| [104348] Apache UIMA CVE-2017-15691 XML External Entity Injection Vulnerability
9231| [104313] Apache NiFi XML External Entity Injection and Denial of Service Vulnerability
9232| [104259] Apache Geode CVE-2017-12622 Authorization Bypass Vulnerability
9233| [104257] Apache Sling XSS Protection API CVE-2017-15717 Cross Site Scripting Vulnerability
9234| [104253] Apache ZooKeeper CVE-2018-8012 Security Bypass Vulnerability
9235| [104252] Apache Batik CVE-2018-8013 Information Disclosure Vulnerability
9236| [104239] Apache Solr CVE-2018-8010 XML External Entity Multiple Information Disclosure Vulnerabilities
9237| [104215] Apache ORC CVE-2018-8015 Denial of Service Vulnerability
9238| [104203] Apache Tomcat CVE-2018-8014 Security Bypass Vulnerability
9239| [104161] Apache Ambari CVE-2018-8003 Directory Traversal Vulnerability
9240| [104140] Apache Derby CVE-2018-1313 Security Bypass Vulnerability
9241| [104135] Apache Tika CVE-2018-1338 Denial of Service Vulnerability
9242| [104008] Apache Fineract CVE-2018-1291 SQL Injection Vulnerability
9243| [104007] Apache Fineract CVE-2018-1292 SQL Injection Vulnerability
9244| [104005] Apache Fineract CVE-2018-1289 SQL Injection Vulnerability
9245| [104001] Apache Tika CVE-2018-1335 Remote Command Injection Vulnerability
9246| [103975] Apache Fineract CVE-2018-1290 SQL Injection Vulnerability
9247| [103974] Apache Solr CVE-2018-1308 XML External Entity Injection Vulnerability
9248| [103772] Apache Traffic Server CVE-2017-7671 Denial of Service Vulnerability
9249| [103770] Apache Traffic Server CVE-2017-5660 Security Bypass Vulnerability
9250| [103751] Apache Hive CVE-2018-1282 SQL Injection Vulnerability
9251| [103750] Apache Hive CVE-2018-1284 Security Bypass Vulnerability
9252| [103692] Apache Ignite CVE-2018-1295 Arbitrary Code Execution Vulnerability
9253| [103528] Apache HTTP Server CVE-2018-1302 Denial of Service Vulnerability
9254| [103525] Apache HTTP Server CVE-2017-15715 Remote Security Bypass Vulnerability
9255| [103524] Apache HTTP Server CVE-2018-1312 Remote Security Bypass Vulnerability
9256| [103522] Apache HTTP Server CVE-2018-1303 Denial of Service Vulnerability
9257| [103520] Apache HTTP Server CVE-2018-1283 Remote Security Vulnerability
9258| [103516] Apache Struts CVE-2018-1327 Denial of Service Vulnerability
9259| [103515] Apache HTTP Server CVE-2018-1301 Denial of Service Vulnerability
9260| [103512] Apache HTTP Server CVE-2017-15710 Denial of Service Vulnerability
9261| [103508] Apache Syncope CVE-2018-1321 Multiple Remote Code Execution Vulnerabilities
9262| [103507] Apache Syncope CVE-2018-1322 Multiple Information Disclosure Vulnerabilities
9263| [103490] Apache Commons Compress CVE-2018-1324 Multiple Denial Of Service Vulnerabilities
9264| [103434] APACHE Allura CVE-2018-1319 HTTP Response Splitting Vulnerability
9265| [103389] Apache Tomcat JK Connector CVE-2018-1323 Directory Traversal Vulnerability
9266| [103222] Apache CloudStack CVE-2013-4317 Information Disclosure Vulnerability
9267| [103219] Apache Xerces-C CVE-2017-12627 Null Pointer Dereference Denial of Service Vulnerability
9268| [103206] Apache Geode CVE-2017-15693 Remote Code Execution Vulnerability
9269| [103205] Apache Geode CVE-2017-15692 Remote Code Execution Vulnerability
9270| [103170] Apache Tomcat CVE-2018-1304 Security Bypass Vulnerability
9271| [103144] Apache Tomcat CVE-2018-1305 Security Bypass Vulnerability
9272| [103102] Apache Oozie CVE-2017-15712 Information Disclosure Vulnerability
9273| [103098] Apache Karaf CVE-2016-8750 LDAP Injection Vulnerability
9274| [103069] Apache Tomcat CVE-2017-15706 Remote Security Weakness
9275| [103068] Apache JMeter CVE-2018-1287 Security Bypass Vulnerability
9276| [103067] Apache Qpid Dispatch Router 'router_core/connections.c' Denial of Service Vulnerability
9277| [103036] Apache CouchDB CVE-2017-12636 Remote Code Execution Vulnerability
9278| [103025] Apache Thrift CVE-2016-5397 Remote Command Injection Vulnerability
9279| [102879] Apache POI CVE-2017-12626 Multiple Denial of Service Vulnerabilities
9280| [102842] Apache NiFi CVE-2017-12632 Host Header Injection Vulnerability
9281| [102815] Apache NiFi CVE-2017-15697 Multiple Cross Site Scripting Vulnerabilities
9282| [102488] Apache Geode CVE-2017-9795 Remote Code Execution Vulnerability
9283| [102229] Apache Sling CVE-2017-15700 Information Disclosure Vulnerability
9284| [102226] Apache Drill CVE-2017-12630 Cross Site Scripting Vulnerability
9285| [102154] Multiple Apache Products CVE-2017-15708 Remote Code Execution Vulnerability
9286| [102127] Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities
9287| [102041] Apache Qpid Broker-J CVE-2017-15701 Denial of Service Vulnerability
9288| [102040] Apache Qpid Broker CVE-2017-15702 Security Weakness
9289| [102021] Apache Struts CVE-2017-15707 Denial of Service Vulnerability
9290| [101980] EMC RSA Authentication Agent for Web: Apache Web Server Authentication Bypass Vulnerability
9291| [101876] Apache Camel CVE-2017-12634 Deserialization Remote Code Execution Vulnerability
9292| [101874] Apache Camel CVE-2017-12633 Deserialization Remote Code Execution Vulnerability
9293| [101872] Apache Karaf CVE-2014-0219 Local Denial of Service Vulnerability
9294| [101868] Apache CouchDB CVE-2017-12635 Remote Privilege Escalation Vulnerability
9295| [101859] Apache CXF CVE-2017-12624 Denial of Service Vulnerability
9296| [101844] Apache Sling Servlets Post CVE-2017-11296 Cross Site Scripting Vulnerability
9297| [101686] Apache Hive CVE-2017-12625 Information Disclosure Vulnerability
9298| [101644] Apache Wicket CVE-2012-5636 Cross Site Scripting Vulnerability
9299| [101631] Apache Traffic Server CVE-2015-3249 Multiple Remote Code Execution Vulnerabilities
9300| [101630] Apache Traffic Server CVE-2014-3624 Access Bypass Vulnerability
9301| [101625] Apache jUDDI CVE-2009-1197 Security Bypass Vulnerability
9302| [101623] Apache jUDDI CVE-2009-1198 Cross Site Scripting Vulnerability
9303| [101620] Apache Subversion 'libsvn_fs_fs/fs_fs.c' Denial of Service Vulnerability
9304| [101585] Apache OpenOffice Multiple Remote Code Execution Vulnerabilities
9305| [101577] Apache Wicket CVE-2016-6806 Cross Site Request Forgery Vulnerability
9306| [101575] Apache Wicket CVE-2014-0043 Information Disclosure Vulnerability
9307| [101570] Apache Geode CVE-2017-9797 Information Disclosure Vulnerability
9308| [101562] Apache Derby CVE-2010-2232 Arbitrary File Overwrite Vulnerability
9309| [101560] Apache Portable Runtime Utility CVE-2017-12613 Multiple Information Disclosure Vulnerabilities
9310| [101558] Apache Portable Runtime Utility Local Out-of-Bounds Read Denial of Service Vulnerability
9311| [101532] Apache James CVE-2017-12628 Arbitrary Command Execution Vulnerability
9312| [101516] Apache HTTP Server CVE-2017-12171 Security Bypass Vulnerability
9313| [101261] Apache Solr/Lucene CVE-2017-12629 Information Disclosure and Remote Code Execution Vulnerabilities
9314| [101230] Apache Roller CVE-2014-0030 XML External Entity Injection Vulnerability
9315| [101173] Apache IMPALA CVE-2017-9792 Information Disclosure Vulnerability
9316| [101052] Apache Commons Jelly CVE-2017-12621 Security Bypass Vulnerability
9317| [101027] Apache Mesos CVE-2017-7687 Denial of Service Vulnerability
9318| [101023] Apache Mesos CVE-2017-9790 Denial of Service Vulnerability
9319| [100954] Apache Tomcat CVE-2017-12617 Incomplete Fix Remote Code Execution Vulnerability
9320| [100946] Apache Wicket CVE-2014-7808 Cross Site Request Forgery Vulnerability
9321| [100901] Apache Tomcat CVE-2017-12615 Remote Code Execution Vulnerability
9322| [100897] Apache Tomcat CVE-2017-12616 Information Disclosure Vulnerability
9323| [100880] Apache Directory LDAP API CVE-2015-3250 Unspecified Information Disclosure Vulnerability
9324| [100872] Apache HTTP Server CVE-2017-9798 Information Disclosure Vulnerability
9325| [100870] Apache Solr CVE-2017-9803 Remote Privilege Escalation Vulnerability
9326| [100859] puppetlabs-apache CVE-2017-2299 Information Disclosure Vulnerability
9327| [100829] Apache Struts CVE-2017-12611 Remote Code Execution Vulnerability
9328| [100823] Apache Spark CVE-2017-12612 Deserialization Remote Code Execution Vulnerability
9329| [100612] Apache Struts CVE-2017-9804 Incomplete Fix Denial of Service Vulnerability
9330| [100611] Apache Struts CVE-2017-9793 Denial of Service Vulnerability
9331| [100609] Apache Struts CVE-2017-9805 Remote Code Execution Vulnerability
9332| [100587] Apache Atlas CVE-2017-3155 Cross Frame Scripting Vulnerability
9333| [100581] Apache Atlas CVE-2017-3154 Information Disclosure Vulnerability
9334| [100578] Apache Atlas CVE-2017-3153 Cross Site Scripting Vulnerability
9335| [100577] Apache Atlas CVE-2017-3152 Cross Site Scripting Vulnerability
9336| [100547] Apache Atlas CVE-2017-3151 HTML Injection Vulnerability
9337| [100536] Apache Atlas CVE-2017-3150 Cross Site Scripting Vulnerability
9338| [100449] Apache Pony Mail CVE-2016-4460 Authentication Bypass Vulnerability
9339| [100447] Apache2Triad Multiple Security Vulnerabilities
9340| [100284] Apache Sling Servlets Post CVE-2017-9802 Cross Site Scripting Vulnerability
9341| [100280] Apache Tomcat CVE-2017-7674 Security Bypass Vulnerability
9342| [100259] Apache Subversion CVE-2017-9800 Remote Command Execution Vulnerability
9343| [100256] Apache Tomcat CVE-2017-7675 Directory Traversal Vulnerability
9344| [100235] Apache Storm CVE-2017-9799 Remote Code Execution Vulnerability
9345| [100082] Apache Commons Email CVE-2017-9801 SMTP Header Injection Vulnerability
9346| [99873] Apache Sling XSS Protection API CVE-2016-6798 XML External Entity Injection Vulnerability
9347| [99870] Apache Sling API CVE-2016-5394 Cross Site Scripting Vulnerability
9348| [99603] Apache Spark CVE-2017-7678 Cross Site Scripting Vulnerability
9349| [99592] Apache OpenMeetings CVE-2017-7685 Security Bypass Vulnerability
9350| [99587] Apache OpenMeetings CVE-2017-7673 Security Bypass Vulnerability
9351| [99586] Apache OpenMeetings CVE-2017-7688 Security Bypass Vulnerability
9352| [99584] Apache OpenMeetings CVE-2017-7684 Denial of Service Vulnerability
9353| [99577] Apache OpenMeetings CVE-2017-7663 Cross Site Scripting Vulnerability
9354| [99576] Apache OpenMeetings CVE-2017-7664 XML External Entity Injection Vulnerability
9355| [99569] Apache HTTP Server CVE-2017-9788 Memory Corruption Vulnerability
9356| [99568] Apache HTTP Server CVE-2017-9789 Denial of Service Vulnerability
9357| [99563] Apache Struts CVE-2017-7672 Denial of Service Vulnerability
9358| [99562] Apache Struts Spring AOP Functionality Denial of Service Vulnerability
9359| [99509] Apache Impala CVE-2017-5652 Information Disclosure Vulnerability
9360| [99508] Apache IMPALA CVE-2017-5640 Authentication Bypass Vulnerability
9361| [99486] Apache Traffic Control CVE-2017-7670 Denial of Service Vulnerability
9362| [99485] Apache Solr CVE-2017-7660 Security Bypass Vulnerability
9363| [99484] Apache Struts CVE-2017-9791 Remote Code Execution Vulnerability
9364| [99292] Apache Ignite CVE-2017-7686 Information Disclosure Vulnerability
9365| [99170] Apache HTTP Server CVE-2017-7679 Buffer Overflow Vulnerability
9366| [99137] Apache HTTP Server CVE-2017-7668 Denial of Service Vulnerability
9367| [99135] Apache HTTP Server CVE-2017-3167 Authentication Bypass Vulnerability
9368| [99134] Apache HTTP Server CVE-2017-3169 Denial of Service Vulnerability
9369| [99132] Apache HTTP Server CVE-2017-7659 Denial of Service Vulnerability
9370| [99112] Apache Thrift CVE-2015-3254 Denial of Service Vulnerability
9371| [99067] Apache Ranger CVE-2016-8751 HTML Injection Vulnerability
9372| [99018] Apache NiFi CVE-2017-7667 Cross Frame Scripting Vulnerability
9373| [99009] Apache NiFi CVE-2017-7665 Cross Site Scripting Vulnerability
9374| [98961] Apache Ranger CVE-2017-7677 Security Bypass Vulnerability
9375| [98958] Apache Ranger CVE-2017-7676 Security Bypass Vulnerability
9376| [98888] Apache Tomcat CVE-2017-5664 Security Bypass Vulnerability
9377| [98814] Apache Zookeeper CVE-2017-5637 Denial of Service Vulnerability
9378| [98795] Apache Hadoop CVE-2017-7669 Remote Privilege Escalation Vulnerability
9379| [98739] Apache Knox CVE-2017-5646 User Impersonation Vulnerability
9380| [98669] Apache Hive CVE-2016-3083 Security Bypass Vulnerability
9381| [98646] Apache Atlas CVE-2016-8752 Information Disclosure Vulnerability
9382| [98570] Apache Archiva CVE-2017-5657 Multiple Cross-Site Request Forgery Vulnerabilities
9383| [98489] Apache CXF Fediz CVE-2017-7661 Multiple Cross Site Request Forgery Vulnerabilities
9384| [98485] Apache CXF Fediz CVE-2017-7662 Cross Site Request Forgery Vulnerability
9385| [98466] Apache Ambari CVE-2017-5655 Insecure Temporary File Handling Vulnerability
9386| [98365] Apache Cordova For Android CVE-2016-6799 Information Disclosure Vulnerability
9387| [98025] Apache Hadoop CVE-2017-3161 Cross Site Scripting Vulnerability
9388| [98017] Apache Hadoop CVE-2017-3162 Input Validation Vulnerability
9389| [97971] Apache CXF CVE-2017-5656 Information Disclosure Vulnerability
9390| [97968] Apache CXF CVE-2017-5653 Spoofing Vulnerability
9391| [97967] Apache ActiveMQ CVE-2015-7559 Denial of Service Vulnerability
9392| [97949] Apache Traffic Server CVE-2017-5659 Denial of Service Vulnerability
9393| [97948] Apache Batik CVE-2017-5662 XML External Entity Information Disclosure Vulnerability
9394| [97947] Apache FOP CVE-2017-5661 XML External Entity Information Disclosure Vulnerability
9395| [97945] Apache Traffic Server CVE-2016-5396 Denial of Service Vulnerability
9396| [97702] Apache Log4j CVE-2017-5645 Remote Code Execution Vulnerability
9397| [97582] Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
9398| [97579] Apache CXF JAX-RS CVE-2016-8739 XML External Entity Injection Vulnerability
9399| [97544] Apache Tomcat CVE-2017-5651 Information Disclosure Vulnerability
9400| [97531] Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability
9401| [97530] Apache Tomcat CVE-2017-5648 Information Disclosure Vulnerability
9402| [97509] Apache Ignite CVE-2016-6805 Information Disclosure and XML External Entity Injection Vulnerabilities
9403| [97383] Apache Flex BlazeDS CVE-2017-5641 Remote Code Execution Vulnerability
9404| [97378] Apache Geode CVE-2017-5649 Information Disclosure Vulnerability
9405| [97229] Apache Ambari CVE-2016-4976 Local Information Disclosure Vulnerability
9406| [97226] Apache Camel CVE-2017-5643 Server Side Request Forgery Security Bypass Vulnerability
9407| [97184] Apache Ambari CVE-2016-6807 Remote Command Execution Vulnerability
9408| [97179] Apache Camel CVE-2016-8749 Java Deserialization Multiple Remote Code Execution Vulnerabilities
9409| [96983] Apache POI CVE-2017-5644 Denial Of Service Vulnerability
9410| [96895] Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
9411| [96731] Apache NiFi CVE-2017-5636 Remote Code Injection Vulnerability
9412| [96730] Apache NiFi CVE-2017-5635 Security Bypass Vulnerability
9413| [96729] Apache Struts CVE-2017-5638 Remote Code Execution Vulnerability
9414| [96540] IBM Development Package for Apache Spark CVE-2016-4970 Denial of Service Vulnerability
9415| [96398] Apache CXF CVE-2017-3156 Information Disclosure Vulnerability
9416| [96321] Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability
9417| [96293] Apache Tomcat 'http11/AbstractInputBuffer.java' Denial of Service Vulnerability
9418| [96228] Apache Brooklyn Cross Site Request Forgery and Multiple Cross Site Scripting Vulnerabilities
9419| [95998] Apache Ranger CVE-2016-8746 Security Bypass Vulnerability
9420| [95929] Apache Groovy CVE-2016-6497 Information Disclosure Vulnerability
9421| [95838] Apache Cordova For Android CVE-2017-3160 Man in the Middle Security Bypass Vulnerability
9422| [95675] Apache Struts Remote Code Execution Vulnerability
9423| [95621] Apache NiFi CVE-2106-8748 Cross Site Scripting Vulnerability
9424| [95429] Apache Groovy CVE-2016-6814 Remote Code Execution Vulnerability
9425| [95335] Apache Hadoop CVE-2016-3086 Information Disclosure Vulnerability
9426| [95168] Apache Wicket CVE-2016-6793 Denial of Service Vulnerability
9427| [95136] Apache Qpid Broker for Java CVE-2016-8741 Remote Information Disclosure Vulnerability
9428| [95078] Apache HTTP Server CVE-2016-0736 Remote Security Vulnerability
9429| [95077] Apache HTTP Server CVE-2016-8743 Security Bypass Vulnerability
9430| [95076] Apache HTTP Server CVE-2016-2161 Denial of Service Vulnerability
9431| [95020] Apache Tika CVE-2015-3271 Remote Information Disclosure Vulnerability
9432| [94950] Apache Hadoop CVE-2016-5001 Local Information Disclosure Vulnerability
9433| [94882] Apache ActiveMQ CVE-2016-6810 HTML Injection Vulnerability
9434| [94828] Apache Tomcat CVE-2016-8745 Information Disclosure Vulnerability
9435| [94766] Apache CouchDB CVE-2016-8742 Local Privilege Escalation Vulnerability
9436| [94657] Apache Struts CVE-2016-8738 Denial of Service Vulnerability
9437| [94650] Apache HTTP Server CVE-2016-8740 Denial of Service Vulnerability
9438| [94588] Apache Subversion CVE-2016-8734 XML External Entity Denial of Service Vulnerability
9439| [94513] Apache Karaf CVE-2016-8648 Remote Code Execution Vulnerability
9440| [94463] Apache Tomcat CVE-2016-8735 Remote Code Execution Vulnerability
9441| [94462] Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability
9442| [94461] Apache Tomcat CVE-2016-6816 Security Bypass Vulnerability
9443| [94418] Apache OpenOffice CVE-2016-6803 Local Privilege Escalation Vulnerability
9444| [94247] Apache Tika CVE-2016-6809 Remote Code Execution Vulnerability
9445| [94221] Apache Ranger CVE-2016-6815 Local Privilege Escalation Vulnerability
9446| [94145] Apache OpenMeetings CVE-2016-8736 Remote Code Execution Vulnerability
9447| [93945] Apache CloudStack CVE-2016-6813 Authorization Bypass Vulnerability
9448| [93944] Apache Tomcat Security Manager CVE-2016-6796 Security Bypass Vulnerability
9449| [93943] Apache Tomcat CVE-2016-6794 Security Bypass Vulnerability
9450| [93942] Apache Tomcat Security Manager CVE-2016-5018 Security Bypass Vulnerability
9451| [93940] Apache Tomcat CVE-2016-6797 Security Bypass Vulnerability
9452| [93939] Apache Tomcat CVE-2016-0762 Information Disclosure Vulnerability
9453| [93774] Apache OpenOffice CVE-2016-6804 DLL Loading Remote Code Execution Vulnerability
9454| [93773] Apache Struts CVE-2016-6795 Directory Traversal Vulnerability
9455| [93478] Apache Tomcat CVE-2016-6325 Local Privilege Escalation Vulnerability
9456| [93472] Apache Tomcat CVE-2016-5425 Insecure File Permissions Vulnerability
9457| [93429] Apache Tomcat JK Connector CVE-2016-6808 Remote Buffer Overflow Vulnerability
9458| [93263] Apache Tomcat CVE-2016-1240 Local Privilege Escalation Vulnerability
9459| [93236] Apache MyFaces Trinidad CVE-2016-5019 Remote Code Execution Vulnerability
9460| [93142] Apache ActiveMQ Artemis CVE-2016-4978 Remote Code Execution Vulnerability
9461| [93132] Apache Derby CVE-2015-1832 XML External Entity Information Disclosure Vulnerability
9462| [93044] Apache Zookeeper CVE-2016-5017 Buffer Overflow Vulnerability
9463| [92966] Apache Jackrabbit CVE-2016-6801 Cross-Site Request Forgery Vulnerability
9464| [92947] Apache Shiro CVE-2016-6802 Remote Security Bypass Vulnerability
9465| [92905] Apache CXF Fediz CVE-2016-4464 Security Bypass Vulnerability
9466| [92577] Apache Ranger CVE-2016-5395 HTML Injection Vulnerability
9467| [92331] Apache HTTP Server CVE-2016-1546 Remote Denial of Service Vulnerability
9468| [92328] Apache Hive CVE-2016-0760 Multiple Remote Code Execution Vulnerabilities
9469| [92320] Apache APR-util and httpd CVE-2016-6312 Denial of Service Vulnerability
9470| [92100] Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability
9471| [92079] Apache OpenOffice CVE-2016-1513 Remote Code Execution Vulnerability
9472| [91818] Apache Tomcat CVE-2016-5388 Security Bypass Vulnerability
9473| [91816] Apache HTTP Server CVE-2016-5387 Security Bypass Vulnerability
9474| [91788] Apache Qpid Proton CVE-2016-4467 Certificate Verification Security Bypass Vulnerability
9475| [91738] Apache XML-RPC CVE-2016-5003 Remote Code Execution Vulnerability
9476| [91736] Apache XML-RPC Multiple Security Vulnerabilities
9477| [91707] Apache Archiva CVE-2016-5005 HTML Injection Vulnerability
9478| [91703] Apache Archiva CVE-2016-4469 Multiple Cross-Site Request Forgery Vulnerabilities
9479| [91566] Apache HTTP Server CVE-2016-4979 Authentication Bypass Vulnerability
9480| [91537] Apache QPID CVE-2016-4974 Deserialization Security Bypass Vulnerability
9481| [91501] Apache Xerces-C CVE-2016-4463 Stack Buffer Overflow Vulnerability
9482| [91453] Apache Commons FileUpload CVE-2016-3092 Denial Of Service Vulnerability
9483| [91284] Apache Struts CVE-2016-4431 Security Bypass Vulnerability
9484| [91282] Apache Struts CVE-2016-4433 Security Bypass Vulnerability
9485| [91281] Apache Struts CVE-2016-4430 Cross-Site Request Forgery Vulnerability
9486| [91280] Apache Struts CVE-2016-4436 Security Bypass Vulnerability
9487| [91278] Apache Struts CVE-2016-4465 Denial of Service Vulnerability
9488| [91277] Apache Struts Incomplete Fix Remote Code Execution Vulnerability
9489| [91275] Apache Struts CVE-2016-4438 Remote Code Execution Vulnerability
9490| [91217] Apache Continuum 'saveInstallation.action' Command Execution Vulnerability
9491| [91141] Apache CloudStack CVE-2016-3085 Authentication Bypass Vulnerability
9492| [91068] Apache Struts CVE-2016-1181 Remote Code Execution Vulnerability
9493| [91067] Apache Struts CVE-2016-1182 Security Bypass Vulnerability
9494| [91024] Apache Shiro CVE-2016-4437 Information Disclosure Vulnerability
9495| [90988] Apache Ranger CVE-2016-2174 SQL Injection Vulnerability
9496| [90961] Apache Struts CVE-2016-3093 Denial of Service Vulnerability
9497| [90960] Apache Struts CVE-2016-3087 Remote Code Execution Vulnerability
9498| [90921] Apache Qpid CVE-2016-4432 Authentication Bypass Vulnerability
9499| [90920] Apache Qpid CVE-2016-3094 Denial of Service Vulnerability
9500| [90902] Apache PDFBox CVE-2016-2175 XML External Entity Injection Vulnerability
9501| [90897] Apache Tika CVE-2016-4434 XML External Entity Injection Vulnerability
9502| [90827] Apache ActiveMQ CVE-2016-3088 Multiple Arbitrary File Upload Vulnerabilities
9503| [90755] Apache Ambari CVE-2016-0707 Multiple Local Information Disclosure Vulnerabilities
9504| [90482] Apache CVE-2004-1387 Local Security Vulnerability
9505| [89762] Apache CVE-2001-1556 Remote Security Vulnerability
9506| [89417] Apache Subversion CVE-2016-2167 Authentication Bypass Vulnerability
9507| [89326] RETIRED: Apache Subversion CVE-2016-2167 Security Bypass Vulnerability
9508| [89320] Apache Subversion CVE-2016-2168 Remote Denial of Service Vulnerability
9509| [88826] Apache Struts CVE-2016-3082 Remote Code Execution Vulnerability
9510| [88797] Apache Cordova For iOS CVE-2015-5208 Arbitrary Code Execution Vulnerability
9511| [88764] Apache Cordova iOS CVE-2015-5207 Multiple Security Bypass Vulnerabilities
9512| [88701] Apache CVE-2001-1449 Remote Security Vulnerability
9513| [88635] Apache CVE-2000-1204 Remote Security Vulnerability
9514| [88590] Apache WWW server CVE-1999-1199 Denial-Of-Service Vulnerability
9515| [88496] Apache CVE-2000-1206 Remote Security Vulnerability
9516| [87828] Apache CVE-1999-1237 Remote Security Vulnerability
9517| [87784] Apache CVE-1999-1293 Denial-Of-Service Vulnerability
9518| [87327] Apache Struts CVE-2016-3081 Remote Code Execution Vulnerability
9519| [86622] Apache Stats CVE-2007-0975 Remote Security Vulnerability
9520| [86399] Apache CVE-2007-1743 Local Security Vulnerability
9521| [86397] Apache CVE-2007-1742 Local Security Vulnerability
9522| [86311] Apache Struts CVE-2016-4003 Cross Site Scripting Vulnerability
9523| [86174] Apache Wicket CVE-2015-5347 Cross Site Scripting Vulnerability
9524| [85971] Apache OFBiz CVE-2016-2170 Java Deserialization Remote Code Execution Vulnerability
9525| [85967] Apache OFBiz CVE-2015-3268 HTML Injection Vulnerability
9526| [85759] Apache Jetspeed CVE-2016-2171 Unauthorized Access Vulnerability
9527| [85758] Apache Jetspeed CVE-2016-0712 Cross Site Scripting Vulnerability
9528| [85756] Apache Jetspeed CVE-2016-0710 Multiple SQL Injection Vulnerabilities
9529| [85755] Apache Jetspeed CVE-2016-0711 Mulitple HTML Injection Vulnerabilities
9530| [85754] Apache Jetspeed CVE-2016-0709 Directory Traversal Vulnerability
9531| [85730] Apache Subversion CVE-2015-5343 Integer Overflow Vulnerability
9532| [85691] Apache Ranger CVE-2016-0735 Security Bypass Vulnerability
9533| [85578] Apache ActiveMQ CVE-2010-1244 Cross-Site Request Forgery Vulnerability
9534| [85554] Apache OpenMeetings CVE-2016-2164 Multiple Information Disclosure Vulnerabilities
9535| [85553] Apache OpenMeetings CVE-2016-0783 Information Disclosure Vulnerability
9536| [85552] Apache OpenMeetings CVE-2016-2163 HTML Injection Vulnerability
9537| [85550] Apache OpenMeetings CVE-2016-0784 Directory Traversal Vulnerability
9538| [85386] Apache Hadoop CVE-2015-7430 Local Privilege Escalation Vulnerability
9539| [85377] Apache Qpid Proton Python API CVE-2016-2166 Man in the Middle Security Bypass Vulnerability
9540| [85205] Apache Solr CVE-2015-8796 Cross Site Scripting Vulnerability
9541| [85203] Apache Solr CVE-2015-8795 Mulitple HTML Injection Vulnerabilities
9542| [85163] Apache Geronimo CVE-2008-0732 Local Security Vulnerability
9543| [85131] Apache Struts 'TextParseUtil.translateVariables()' Method Remote Code Execution Vulnerability
9544| [85070] Apache Struts CVE-2016-2162 Cross Site Scripting Vulnerability
9545| [85066] Apache Struts CVE-2016-0785 Remote Code Execution Vulnerability
9546| [84422] Apache TomEE CVE-2016-0779 Unspecified Security Vulnerability
9547| [84321] Apache ActiveMQ CVE-2016-0734 Clickjacking Vulnerability
9548| [84316] Apache ActiveMQ CVE-2016-0782 Multiple Cross Site Scripting Vulnerabilities
9549| [83910] Apache Wicket CVE-2015-7520 Cross Site Scripting Vulnerability
9550| [83423] Apache Xerces-C CVE-2016-0729 Buffer Overflow Vulnerability
9551| [83330] Apache Tomcat CVE-2015-5351 Cross Site Request Forgery Vulnerability
9552| [83329] Apache Tomcat CVE-2015-5174 Directory Traversal Vulnerability
9553| [83328] Apache Tomcat CVE-2015-5345 Directory Traversal Vulnerability
9554| [83327] Apache Tomcat Security Manager CVE-2016-0714 Remote Code Execution Vulnerability
9555| [83326] Apache Tomcat CVE-2016-0763 Security Bypass Vulnerability
9556| [83324] Apache Tomcat Security Manager CVE-2016-0706 Information Disclosure Vulnerability
9557| [83323] Apache Tomcat CVE-2015-5346 Session Fixation Vulnerability
9558| [83259] Apache Hadoop CVE-2015-1776 Information Disclosure Vulnerability
9559| [83243] Apache Solr CVE-2015-8797 Cross Site Scripting Vulnerability
9560| [83119] Apache Sling CVE-2016-0956 Information Disclosure Vulnerability
9561| [83002] Apache CVE-2000-1205 Cross-Site Scripting Vulnerability
9562| [82871] Apache Ranger Authentication Bypass and Security Bypass Vulnerabilities
9563| [82800] Apache CloudStack CVE-2015-3251 Information Disclosure Vulnerability
9564| [82798] Apache CloudStack CVE-2015-3252 Authentication Bypass Vulnerability
9565| [82732] Apache Gallery CVE-2003-0771 Local Security Vulnerability
9566| [82676] Apache CVE-2003-1581 Cross-Site Scripting Vulnerability
9567| [82550] Apache Struts CVE-2015-5209 Security Bypass Vulnerability
9568| [82300] Apache Subversion CVE-2015-5259 Integer Overflow Vulnerability
9569| [82260] Apache Camel CVE-2015-5344 Remote Code Execution Vulnerability
9570| [82234] Apache Hive CVE-2015-7521 Security Bypass Vulnerability
9571| [82082] Apache CVE-1999-0289 Remote Security Vulnerability
9572| [81821] Apache Distribution for Solaris CVE-2007-2080 SQL-Injection Vulnerability
9573| [80696] Apache Camel CVE-2015-5348 Information Disclosure Vulnerability
9574| [80525] Apache CVE-2003-1580 Remote Security Vulnerability
9575| [80354] Drupal Apache Solr Search Module Access Bypass Vulnerability
9576| [80193] Apache CVE-1999-0107 Denial-Of-Service Vulnerability
9577| [79812] Apache Directory Studio CVE-2015-5349 Command Injection Vulnerability
9578| [79744] Apache HBase CVE-2015-1836 Unauthorized Access Vulnerability
9579| [79204] Apache TomEE 'EjbObjectInputStream' Remote Code Execution Vulnerability
9580| [77679] Apache Cordova For Android CVE-2015-8320 Weak Randomization Security Bypass Vulnerability
9581| [77677] Apache Cordova For Android CVE-2015-5256 Security Bypass Vulnerability
9582| [77591] Apache CXF SAML SSO Processing CVE-2015-5253 Security Bypass Vulnerability
9583| [77521] Apache Commons Collections 'InvokerTransformer.java' Remote Code Execution Vulnerability
9584| [77110] Apache HttpComponents HttpClient CVE-2015-5262 Denial of Service Vulnerability
9585| [77086] Apache Ambari CVE-2015-1775 Server Side Request Forgery Security Bypass Vulnerability
9586| [77085] Apache Ambari CVE-2015-3270 Remote Privilege Escalation Vulnerability
9587| [77082] Apache Ambari 'targetURI' Parameter Open Redirection Vulnerability
9588| [77059] Apache Ambari CVE-2015-3186 Cross Site Scripting Vulnerability
9589| [76933] Apache James Server Unspecified Command Execution Vulnerability
9590| [76832] Apache cordova-plugin-file-transfer CVE-2015-5204 HTTP Header Injection Vulnerability
9591| [76625] Apache Struts CVE-2015-5169 Cross Site Scripting Vulnerability
9592| [76624] Apache Struts CVE-2015-2992 Cross Site Scripting Vulnerability
9593| [76522] Apache Tapestry CVE-2014-1972 Security Bypass Vulnerability
9594| [76486] Apache CXF Fediz CVE-2015-5175 Denial of Service Vulnerability
9595| [76452] Apache ActiveMQ CVE-2015-1830 Directory Traversal Vulnerability
9596| [76446] Apache Subversion 'libsvn_fs_fs/tree.c' Denial of Service Vulnerability
9597| [76274] Apache Subversion CVE-2015-3184 Information Disclosure Vulnerability
9598| [76273] Apache Subversion CVE-2015-3187 Information Disclosure Vulnerability
9599| [76272] Apache ActiveMQ CVE-2014-3576 Denial of Service Vulnerability
9600| [76221] Apache Ranger CVE-2015-0266 Access Bypass Vulnerability
| [76208] Apache Ranger CVE-2015-0265 JavaScript Code Injection Vulnerability
| [76025] Apache ActiveMQ Artemis CVE-2015-3208 XML External Entity Information Disclosure Vulnerability
| [75965] Apache HTTP Server CVE-2015-3185 Security Bypass Vulnerability
| [75964] Apache HTTP Server CVE-2015-0253 Remote Denial of Service Vulnerability
| [75963] Apache HTTP Server CVE-2015-3183 Security Vulnerability
| [75940] Apache Struts CVE-2015-1831 Security Bypass Vulnerability
| [75919] Apache Groovy CVE-2015-3253 Remote Code Execution Vulnerability
| [75338] Apache Storm CVE-2015-3188 Remote Code Execution Vulnerability
| [75275] Drupal Apache Solr Real-Time Module Access Bypass Vulnerability
| [74866] Apache Cordova For Android CVE-2015-1835 Security Bypass Vulnerability
| [74839] Apache Sling API and Sling Servlets CVE-2015-2944 Cross Site Scripting Vulnerability
| [74761] Apache Jackrabbit CVE-2015-1833 XML External Entity Information Disclosure Vulnerability
| [74686] Apache Ambari '/var/lib/ambari-server/ambari-env.sh' Local Privilege Escalation Vulnerability
| [74665] Apache Tomcat CVE-2014-7810 Security Bypass Vulnerability
| [74475] Apache Tomcat CVE-2014-0230 Denial of Service Vulnerability
| [74423] Apache Struts CVE-2015-0899 Security Bypass Vulnerability
| [74338] Apache OpenOffice HWP Filter Memory Corruption Vulnerability
| [74265] Apache Tomcat 'mod_jk' CVE-2014-8111 Information Disclosure Vulnerability
| [74260] Apache Subversion CVE-2015-0248 Multiple Denial of Service Vulnerabilities
| [74259] Apache Subversion 'deadprops.c' Security Bypass Vulnerability
| [74204] PHP 'sapi/apache2handler/sapi_apache2.c' Remote Code Execution Vulnerability
| [74158] Apache HTTP Server 'protocol.c' Remote Denial of Service Vulnerability
| [73954] Apache Flex 'asdoc/templates/index.html' Cross Site Scripting Vulnerability
| [73851] Apache2 CVE-2012-0216 Cross-Site Scripting Vulnerability
| [73478] Apache Cassandra CVE-2015-0225 Remote Code Execution Vulnerability
| [73041] Apache HTTP Server 'mod_lua' Module Denial of Service Vulnerability
| [73040] Apache HTTP Server 'mod_lua.c' Local Access Bypass Vulnerability
| [72809] Apache Standard Taglibs CVE-2015-0254 XML External Entity Injection Vulnerability
| [72717] Apache Tomcat CVE-2014-0227 Chunk Request Remote Denial Of Service Vulnerability
| [72557] Apache WSS4J CVE-2015-0227 Security Bypass Vulnerability
| [72553] Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability
| [72513] Apache ActiveMQ CVE-2014-3612 LDAP Authentication Bypass Vulnerability
| [72511] Apache ActiveMQ CVE-2014-8110 Multiple Cross Site Scripting Vulnerabilities
| [72510] Apache ActiveMQ CVE-2014-3600 XML External Entity Injection Vulnerability
| [72508] Apache ActiveMQ Apollo CVE-2014-3579 XML External Entity Injection Vulnerability
| [72319] Apache Qpid CVE-2015-0223 Security Bypass Vulnerability
| [72317] Apache Qpid CVE-2015-0224 Incomplete Fix Multiple Denial of Service Vulnerabilities
| [72115] Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability
| [72053] Apache HTTP Server 'mod_remoteip.c' IP Address Spoofing Vulnerability
| [72030] Apache Qpid CVE-2015-0203 Multiple Denial of Service Vulnerabilities
| [71879] Apache Traffic Server 'HttpTransact.cc' Denial of Service Vulnerability
| [71726] Apache Subversion CVE-2014-3580 Remote Denial of Service Vulnerability
| [71725] Apache Subversion CVE-2014-8108 Remote Denial of Service Vulnerability
| [71657] Apache HTTP Server 'mod_proxy_fcgi' Module Denial of Service Vulnerability
| [71656] Apache HTTP Server 'mod_cache' Module Denial of Service Vulnerability
| [71548] Apache Struts CVE-2014-7809 Security Bypass Vulnerability
| [71466] Apache Hadoop CVE-2014-3627 Information Disclosure Vulnerability
| [71353] Apache HTTP Server 'LuaAuthzProvider' Authorization Bypass Vulnerability
| [71004] Apache Qpid CVE-2014-3629 XML External Entity Injection Vulnerability
| [70970] Apache Traffic Server Cross Site Scripting Vulnerability
| [70738] Apache CXF CVE-2014-3584 Denial of Service Vulnerability
| [70736] Apache CXF SAML SubjectConfirmation Security Bypass Vulnerability
| [69728] Apache Tomcat CVE-2013-4444 Arbitrary File Upload Vulnerability
| [69648] Apache POI CVE-2014-3574 Denial Of Service Vulnerability
| [69647] Apache POI OpenXML parser CVE-2014-3529 XML External Entity Information Disclosure Vulnerability
| [69351] Apache OpenOffice Calc CVE-2014-3524 Command Injection Vulnerability
| [69295] Apache Axis Incomplete Fix CVE-2014-3596 SSL Certificate Validation Security Bypass Vulnerability
| [69286] Apache OFBiz CVE-2014-0232 Multiple Cross Site Scripting Vulnerabilities
| [69258] Apache HttpComponents Incomplete Fix CVE-2014-3577 SSL Validation Security Bypass Vulnerability
| [69257] Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
| [69248] Apache HTTP Server CVE-2013-4352 Remote Denial of Service Vulnerability
| [69237] Apache Subversion CVE-2014-3522 SSL Certificate Validation Information Disclosure Vulnerability
| [69173] Apache Traffic Server CVE-2014-3525 Unspecified Security Vulnerability
| [69046] Apache Cordova For Android CVE-2014-3502 Information Disclosure Vulnerability
| [69041] Apache Cordova For Android CVE-2014-3501 Security Bypass Vulnerability
| [69038] Apache Cordova For Android CVE-2014-3500 Security Bypass Vulnerability
| [68995] Apache Subversion CVE-2014-3528 Insecure Authentication Weakness
| [68966] Apache Subversion 'irkerbridge.py' Local Privilege Escalation Vulnerability
| [68965] Apache Subversion 'svnwcsub.py' Local Privilege Escalation Vulnerability
| [68863] Apache HTTP Server 'mod_cache' Module Remote Denial of Service Vulnerability
| [68747] Apache HTTP Server CVE-2014-3523 Remote Denial of Service Vulnerability
| [68745] Apache HTTP Server CVE-2014-0118 Remote Denial of Service Vulnerability
| [68742] Apache HTTP Server CVE-2014-0231 Remote Denial of Service Vulnerability
| [68740] Apache HTTP Server CVE-2014-0117 Remote Denial of Service Vulnerability
| [68678] Apache HTTP Server 'mod_status' CVE-2014-0226 Remote Code Execution Vulnerability
| [68445] Apache CXF UsernameToken Information Disclosure Vulnerability
| [68441] Apache CXF SAML Tokens Validation Security Bypass Vulnerability
| [68431] Apache Syncope CVE-2014-3503 Insecure Password Generation Weakness
| [68229] Apache Harmony PRNG Entropy Weakness
| [68111] Apache 'mod_wsgi' Module Privilege Escalation Vulnerability
| [68072] Apache Tomcat CVE-2014-0186 Remote Denial of Service Vulnerability
| [68039] Apache Hive CVE-2014-0228 Security Bypass Vulnerability
| [67673] Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
| [67671] Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
| [67669] Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
| [67668] Apache Tomcat CVE-2014-0099 Request Processing Information Disclosure Vulnerability
| [67667] Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
| [67534] Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
| [67532] Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
| [67530] Apache Solr Search Template Cross Site Scripting Vulnerability
| [67236] Apache CXF CVE-2014-0109 Remote Denial of Service Vulnerability
| [67232] Apache CXF CVE-2014-0110 Denial of Service Vulnerability
| [67121] Apache Struts ClassLoader Manipulation CVE-2014-0114 Security Bypass Vulnerability
| [67081] Apache Struts 'getClass()' Method Security Bypass Vulnerability
| [67064] Apache Struts ClassLoader Manipulation Incomplete Fix Security Bypass Vulnerability
| [67013] Apache Zookeeper CVE-2014-0085 Local Information Disclosure Vulnerability
| [66998] Apache Archiva CVE-2013-2187 Unspecified Cross Site Scripting Vulnerability
| [66991] Apache Archiva CVE-2013-2187 HTML Injection Vulnerability
| [66927] Apache Syncope CVE-2014-0111 Remote Code Execution Vulnerability
| [66474] Apache CouchDB Universally Unique IDentifier (UUID) Remote Denial of Service Vulnerability
| [66397] Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
| [66303] Apache HTTP Server Multiple Denial of Service Vulnerabilities
| [66041] RETIRED: Apache Struts CVE-2014-0094 Classloader Manipulation Security Bypass Vulnerability
| [65999] Apache Struts ClassLoader Manipulation CVE-2014-0094 Security Bypass Vulnerability
| [65967] Apache Cordova File-Transfer Unspecified Security Vulnerability
| [65959] Apache Cordova InAppBrowser Remote Privilege Escalation Vulnerability
| [65935] Apache Shiro 'login.jsp' Authentication Bypass Vulnerability
| [65902] Apache Camel CVE-2014-0003 Remote Code Execution Vulnerability
| [65901] Apache Camel CVE-2014-0002 XML External Entity Information Disclosure Vulnerability
| [65773] Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability
| [65769] Apache Tomcat CVE-2014-0033 Session Fixation Vulnerability
| [65768] Apache Tomcat CVE-2013-4590 XML External Entity Information Disclosure Vulnerability
| [65767] Apache Tomcat CVE-2013-4322 Incomplete Fix Denial of Service Vulnerability
| [65615] Apache ActiveMQ 'refresh' Parameter Cross Site Scripting Vulnerability
| [65434] Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
| [65431] Apache Wicket CVE-2013-2055 Information Disclosure Vulnerability
| [65400] Apache Commons FileUpload CVE-2014-0050 Denial Of Service Vulnerability
| [64782] Apache CloudStack Virtual Router Component Security Bypass Vulnerability
| [64780] Apache CloudStack Unauthorized Access Vulnerability
| [64617] Apache Libcloud Digital Ocean API Local Information Disclosure Vulnerability
| [64437] Apache Santuario XML Security For JAVA XML Signature Denial of Service Vulnerability
| [64427] Apache Solr Multiple XML External Entity Injection Vulnerabilities
| [64009] Apache Solr CVE-2013-6408 XML External Entity Injection Vulnerability
| [64008] Apache Solr CVE-2013-6407 XML External Entity Injection Vulnerability
| [63981] Apache Subversion 'mod_dav_svn' Module Denial of Service Vulnerability
| [63966] Apache Subversion CVE-2013-4505 Security Bypass Vulnerability
| [63963] Apache Roller CVE-2013-4171 Cross Site Scripting Vulnerability
| [63935] Apache Solr 'SolrResourceLoader' Directory Traversal Vulnerability
| [63928] Apache Roller CVE-2013-4212 OGNL Expression Injection Remote Code Execution Vulnerability
| [63515] Apache Tomcat Manager Component CVE-2013-6357 Cross Site Request Forgery Vulnerability
| [63403] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [63400] Apache 'mod_pagespeed' Module Unspecified Cross Site Scripting Vulnerability
| [63260] Apache Shindig CVE-2013-4295 XML External Entity Information Disclosure Vulnerability
| [63241] Apache Sling 'AbstractAuthenticationFormServlet' Open Redirection Vulnerability
| [63174] Apache Commons FileUpload 'DiskFileItem' Class Null Byte Arbitrary File Write Vulnerability
| [62939] Apache 'mod_fcgid' Module CVE-2013-4365 Heap Buffer Overflow Vulnerability
| [62903] Apache Sling 'deepGetOrCreateNode()' Function Denial Of Service Vulnerability
| [62706] Apache Camel CVE-2013-4330 Information Disclosure Vulnerability
| [62677] Apache 'mod_accounting' Module CVE-2013-5697 SQL Injection Vulnerability
| [62674] TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
| [62587] Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
| [62584] Apache Struts CVE-2013-4310 Security Bypass Vulnerability
| [62266] Apache Subversion CVE-2013-4277 Insecure Temporary File Creation Vulnerability
| [61984] Apache Hadoop RPC Authentication CVE-2013-2192 Man in the Middle Security Bypass Vulnerability
| [61981] Apache HBase RPC Authentication Man In The Middle Security Bypass Vulnerability
| [61638] Apache CloudStack CVE-2013-2136 Multiple Cross Site Scripting Vulnerabilities
| [61454] Apache Subversion CVE-2013-4131 Denial Of Service Vulnerability
| [61379] Apache HTTP Server CVE-2013-2249 Unspecified Remote Security Vulnerability
| [61370] Apache OFBiz CVE-2013-2317 'View Log' Cross Site Scripting Vulnerability
| [61369] Apache OFBiz Nested Expression Remote Code Execution Vulnerability
| [61196] Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
| [61189] Apache Struts CVE-2013-2251 Multiple Remote Command Execution Vulnerabilities
| [61129] Apache HTTP Server CVE-2013-1896 Remote Denial of Service Vulnerability
| [61030] Apache CXF CVE-2013-2160 Multiple Remote Denial of Service Vulnerabilities
| [60875] Apache Geronimo RMI Classloader Security Bypass Vulnerability
| [60846] Apache Santuario XML Security for JAVA XML Signature CVE-2013-2172 Security Bypass Vulnerability
| [60817] Apache Santuario XML Security for C++ CVE-2013-2210 Heap Buffer Overflow Vulnerability
| [60800] Apache Qpid Python Client SSL Certificate Verification Information Disclosure Vulnerability
| [60599] Apache Santuario XML Security for C++ CVE-2013-2156 Remote Heap Buffer Overflow Vulnerability
| [60595] Apache Santuario XML Security for C++ XML Signature CVE-2013-2155 Denial of Service Vulnerability
| [60594] Apache Santuario XML Security for C++ CVE-2013-2154 Stack Buffer Overflow Vulnerability
| [60592] Apache Santuario XML Security for C++ XML Signature CVE-2013-2153 Security Bypass Vulnerability
| [60534] Apache OpenJPA Object Deserialization Arbitrary File Creation or Overwrite Vulnerability
| [60346] Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability
| [60345] Apache Struts CVE-2013-2135 OGNL Expression Injection Vulnerability
| [60267] Apache Subversion CVE-2013-1968 Remote Denial of Service Vulnerability
| [60265] Apache Subversion CVE-2013-2088 Command Injection Vulnerability
| [60264] Apache Subversion CVE-2013-2112 Remote Denial of Service Vulnerability
| [60187] Apache Tomcat DIGEST Authentication CVE-2013-2051 Incomplete Fix Security Weakness
| [60186] Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
| [60167] Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
| [60166] Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
| [60082] Apache Struts 'ParameterInterceptor' Class OGNL CVE-2013-1965 Security Bypass Vulnerability
| [59826] Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
| [59799] Apache Tomcat CVE-2013-2067 Session Fixation Vulnerability
| [59798] Apache Tomcat CVE-2013-2071 Information Disclosure Vulnerability
| [59797] Apache Tomcat CVE-2012-3544 Denial of Service Vulnerability
| [59670] Apache VCL Multiple Input Validation Vulnerabilities
| [59464] Apache CloudStack CVE-2013-2758 Hash Information Disclosure Vulnerability
| [59463] Apache CloudStack CVE-2013-2756 Authentication Bypass Vulnerability
| [59402] Apache ActiveMQ CVE-2013-3060 Information Disclosure and Denial of Service Vulnerability
| [59401] Apache ActiveMQ CVE-2012-6551 Denial of Service Vulnerability
| [59400] Apache ActiveMQ CVE-2012-6092 Multiple Cross Site Scripting Vulnerabilities
| [58898] Apache Subversion CVE-2013-1884 Remote Denial of Service Vulnerability
| [58897] Apache Subversion 'mod_dav_svn/lock.c' Remote Denial of Service Vulnerability
| [58895] Apache Subversion 'mod_dav_svn' Remote Denial of Service Vulnerability
| [58455] Apache Rave User RPC API CVE-2013-1814 Information Disclosure Vulnerability
| [58379] Apache Qpid CVE-2012-4446 Authentication Bypass Vulnerability
| [58378] Apache Qpid CVE-2012-4460 Denial of Service Vulnerability
| [58376] Apache Qpid CVE-2012-4458 Denial of Service Vulnerability
| [58337] Apache Qpid CVE-2012-4459 Denial of Service Vulnerability
| [58326] Apache Commons FileUpload CVE-2013-0248 Insecure Temporary File Creation Vulnerability
| [58325] Debian Apache HTTP Server CVE-2013-1048 Symlink Attack Local Privilege Escalation Vulnerability
| [58323] Apache Subversion 'svn_fs_file_length()' Remote Denial of Service Vulnerability
| [58165] Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities
| [58136] Apache Maven CVE-2013-0253 SSL Certificate Validation Security Bypass Vulnerability
| [58124] Apache Tomcat 'log/logdir' Directory Insecure File Permissions Vulnerability
| [58073] Apache Commons HttpClient CVE-2012-5783 SSL Certificate Validation Security Bypass Vulnerability
| [57876] Apache CXF WS-SecurityPolicy Authentication Bypass Vulnerability
| [57874] Apache CXF CVE-2012-5633 Security Bypass Vulnerability
| [57463] Apache OFBiz CVE-2013-0177 Multiple Cross Site Scripting Vulnerabilities
| [57425] Apache CXF CVE-2012-5786 SSL Certificate Validation Security Bypass Vulnerability
| [57321] Apache CouchDB CVE-2012-5650 Cross Site Scripting Vulnerability
| [57314] Apache CouchDB CVE-2012-5649 Remote Code Execution Vulnerability
| [57267] Apache Axis2/C SSL Certificate Validation Security Bypass Vulnerability
| [57259] Apache CloudStack CVE-2012-5616 Local Information Disclosure Vulnerability
| [56814] Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
| [56813] Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
| [56812] Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
| [56753] Apache Apache HTTP Server 'mod_proxy_ajp Module Denial Of Service Vulnerability
| [56686] Apache Tomcat CVE-2012-5568 Denial of Service Vulnerability
| [56408] Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
| [56403] Apache Tomcat DIGEST Authentication Multiple Security Weaknesses
| [56402] Apache Tomcat CVE-2012-2733 Denial of Service Vulnerability
| [56171] Apache OFBiz CVE-2012-3506 Unspecified Security Vulnerability
| [55876] Apache CloudStack CVE-2012-4501 Security Bypass Vulnerability
| [55628] Apache CXF SOAP Action Spoofing Security Bypass Vulnerability
| [55608] Apache Qpid (qpidd) Denial of Service Vulnerability
| [55536] Apache 'mod_pagespeed' Module Cross Site Scripting and Security Bypass Vulnerabilities
| [55508] Apache Axis2 XML Signature Wrapping Security Vulnerability
| [55445] Apache Wicket CVE-2012-3373 Cross Site Scripting Vulnerability
| [55346] Apache Struts Cross Site Request Forgery and Denial of Service Vulnerabilities
| [55290] Drupal Apache Solr Autocomplete Module Cross Site Scripting Vulnerability
| [55165] Apache Struts2 Skill Name Remote Code Execution Vulnerability
| [55154] Apache 'mod-rpaf' Module Denial of Service Vulnerability
| [55131] Apache HTTP Server HTML-Injection And Information Disclosure Vulnerabilities
| [54954] Apache QPID NullAuthenticator Authentication Bypass Vulnerability
| [54798] Apache Libcloud Man In The Middle Vulnerability
| [54358] Apache Hadoop CVE-2012-3376 Information Disclosure Vulnerability
| [54341] Apache Sling CVE-2012-2138 Denial Of Service Vulnerability
| [54268] Apache Hadoop Symlink Attack Local Privilege Escalation Vulnerability
| [54189] Apache Roller Cross Site Request Forgery Vulnerability
| [54187] Apache Roller CVE-2012-2381 Cross Site Scripting Vulnerability
| [53880] Apache CXF Child Policies Security Bypass Vulnerability
| [53877] Apache CXF Elements Validation Security Bypass Vulnerability
| [53676] Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service Vulnerability
| [53487] Apache POI CVE-2012-0213 Denial Of Service Vulnerability
| [53455] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability
| [53305] Apache Qpid CVE-2011-3620 Unauthorized Access Security Bypass Vulnerability
| [53046] Apache HTTP Server 'LD_LIBRARY_PATH' Insecure Library Loading Arbitrary Code Execution Vulnerability
| [53025] Apache OFBiz Unspecified Remote Code Execution Vulnerability
| [53023] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [52939] Apache Hadoop CVE-2012-1574 Unspecified User Impersonation Vulnerability
| [52702] Apache Struts2 'XSLTResult.java' Remote Arbitrary File Upload Vulnerability
| [52696] Apache Traffic Server HTTP Host Header Handling Heap Based Buffer Overflow Vulnerability
| [52680] Apache Wicket 'pageMapName' Parameter Cross Site Scripting Vulnerability
| [52679] Apache Wicket Hidden Files Information Disclosure Vulnerability
| [52565] Apache 'mod_fcgid' Module Denial Of Service Vulnerability
| [52146] TYPO3 Apache Solr Extension Unspecified Cross Site Scripting Vulnerability
| [51939] Apache MyFaces 'ln' Parameter Information Disclosure Vulnerability
| [51917] Apache APR Hash Collision Denial Of Service Vulnerability
| [51902] Apache Struts Multiple HTML Injection Vulnerabilities
| [51900] Apache Struts CVE-2012-1007 Multiple Cross Site Scripting Vulnerabilities
| [51886] Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
| [51869] Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [51706] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [51705] Apache HTTP Server CVE-2012-0021 mod_log_config Denial Of Service Vulnerability
| [51628] Apache Struts 'ParameterInterceptor' Class OGNL (CVE-2011-3923) Security Bypass Vulnerability
| [51447] Apache Tomcat Parameter Handling Denial of Service Vulnerability
| [51442] Apache Tomcat Request Object Security Bypass Vulnerability
| [51407] Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
| [51257] Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
| [51238] Apache Geronimo Hash Collision Denial Of Service Vulnerability
| [51200] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [50940] Apache Struts Session Tampering Security Bypass Vulnerability
| [50912] RETIRED: Apache MyFaces CVE-2011-4343 Information Disclosure Vulnerability
| [50904] Apache ActiveMQ Failover Mechanism Remote Denial Of Service Vulnerability
| [50848] Apache MyFaces EL Expression Evaluation Security Bypass Vulnerability
| [50802] Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
| [50639] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [50603] Apache Tomcat Manager Application Security Bypass Vulnerability
| [50494] Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
| [49957] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [49762] Apache Tomcat HTTP DIGEST Authentication Multiple Security Weaknesses
| [49728] Apache Struts Conversion Error OGNL Expression Evaluation Vulnerability
| [49616] Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
| [49470] Apache Tomcat CVE-2007-6286 Duplicate Request Processing Security Vulnerability
| [49353] Apache Tomcat AJP Protocol Security Bypass Vulnerability
| [49303] Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability
| [49290] Apache Wicket Cross Site Scripting Vulnerability
| [49147] Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
| [49143] Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
| [48667] Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
| [48653] Apache 'mod_authnz_external' Module SQL Injection Vulnerability
| [48611] Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
| [48456] Apache Tomcat 'MemoryUserDatabase' Information Disclosure Vulnerability
| [48015] Apache Archiva Multiple Cross Site Request Forgery Vulnerabilities
| [48011] Apache Archiva Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [47929] Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
| [47890] Apache Struts 'javatemplates' Plugin Multiple Cross Site Scripting Vulnerabilities
| [47886] Apache Tomcat SecurityConstraints Security Bypass Vulnerability
| [47820] Apache APR 'apr_fnmatch()' Denial of Service Vulnerability
| [47784] Apache Struts XWork 's:submit' HTML Tag Cross Site Scripting Vulnerability
| [47199] Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
| [47196] Apache Tomcat Login Constraints Security Bypass Vulnerability
| [46974] Apache HttpComponents 'HttpClient' Information Disclosure Vulnerability
| [46953] Apache MPM-ITK Module Security Weakness
| [46734] Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
| [46685] Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
| [46311] Apache Continuum and Archiva Cross Site Scripting Vulnerability
| [46177] Apache Tomcat SecurityManager Security Bypass Vulnerability
| [46174] Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
| [46166] Apache Tomcat JVM Denial of Service Vulnerability
| [46164] Apache Tomcat NIO Connector Denial of Service Vulnerability
| [46066] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [45655] Apache Subversion Server Component Multiple Remote Denial Of Service Vulnerabilities
| [45123] Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability
| [45095] Apache Archiva Cross Site Request Forgery Vulnerability
| [45015] Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
| [44900] Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
| [44616] Apache Shiro Directory Traversal Vulnerability
| [44355] Apache MyFaces Encrypted View State Oracle Padding Security Vulnerability
| [44068] Apache::AuthenHook Local Information Disclosure Vulnerability
| [43862] Apache QPID SSL Connection Denial of Service Vulnerability
| [43673] Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
| [43637] Apache XML-RPC SAX Parser Information Disclosure Vulnerability
| [43111] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [42637] Apache Derby 'BUILTIN' Authentication Insecure Password Hashing Vulnerability
| [42501] Apache CouchDB Cross Site Request Forgery Vulnerability
| [42492] Apache CXF XML DTD Processing Security Vulnerability
| [42121] Apache SLMS Insufficient Quoting Cross Site Request Forgery Vulnerability
| [42102] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [41963] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [41544] Apache Tomcat 'Transfer-Encoding' Information Disclosure and Denial Of Service Vulnerabilities
| [41076] Apache Axis2 '/axis2/axis2-admin' Session Fixation Vulnerability
| [40976] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [40827] Apache 'mod_proxy_http' Timeout Handling Information Disclosure Vulnerability
| [40343] Apache Axis2 'xsd' Parameter Directory Traversal Vulnerability
| [40327] Apache Axis2 'engagingglobally' Cross-Site Scripting Vulnerability
| [39771] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [39636] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [39635] Apache Tomcat Authentication Header Realm Name Information Disclosure Vulnerability
| [39538] Apache mod_auth_shadow Race Condition Security Bypass Vulnerability
| [39489] Apache OFBiz Multiple Cross Site Scripting and HTML Injection Vulnerabilities
| [39119] Apache ActiveMQ 'createDestination.action' HTML Injection Vulnerability
| [38580] Apache Subrequest Handling Information Disclosure Vulnerability
| [38494] Apache 'mod_isapi' Memory Corruption Vulnerability
| [38491] Apache mod_proxy_ajp Module Incoming Request Body Denial Of Service Vulnerability
| [37966] Apache 1.3 mod_proxy HTTP Chunked Encoding Integer Overflow Vulnerability
| [37945] Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
| [37944] Apache Tomcat WAR File Directory Traversal Vulnerability
| [37942] Apache Tomcat Directory Host Appbase Authentication Bypass Vulnerability
| [37149] Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability
| [37027] RETIRED: Apache APR 'apr_uri_parse_hostinfo' Off By One Remote Code Execution Vulnerability
| [36990] Apache HTTP TRACE Cross Site Scripting Vulnerability
| [36954] Apache Tomcat Windows Installer Insecure Password Vulnerability
| [36889] TYPO3 Apache Solr Search Extension Unspecified Cross Site Scripting Vulnerability
| [36596] Apache HTTP Server Solaris Event Port Pollset Support Remote Denial Of Service Vulnerability
| [36260] Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
| [36254] Apache mod_proxy_ftp Remote Command Injection Vulnerability
| [35949] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [35840] Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability
| [35623] Apache 'mod_deflate' Remote Denial Of Service Vulnerability
| [35565] Apache 'mod_proxy' Remote Denial Of Service Vulnerability
| [35416] Apache Tomcat XML Parser Information Disclosure Vulnerability
| [35263] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [35253] Apache APR-util 'xml/apr_xml.c' Denial of Service Vulnerability
| [35251] Apache APR-util 'apr_brigade_vprintf' Off By One Vulnerability
| [35221] Apache APR-util 'apr_strmatch_precompile()' Integer Underflow Vulnerability
| [35196] Apache Tomcat Form Authentication Existing/Non-Existing Username Enumeration Weakness
| [35193] Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
| [35115] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [34686] Apache Struts Multiple Cross Site Scripting Vulnerabilities
| [34663] Apache 'mod_proxy_ajp' Information Disclosure Vulnerability
| [34657] Apache Tiles Cross Site Scripting And Information Disclosure Vulnerabilities
| [34562] Apache Geronimo Application Server Multiple Remote Vulnerabilities
| [34552] Apache ActiveMQ Web Console Multiple Unspecified HTML Injection Vulnerabilities
| [34412] Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability
| [34399] Apache Struts Unspecified Cross Site Scripting Vulnerability
| [34383] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [33913] Apache Tomcat POST Data Information Disclosure Vulnerability
| [33360] Apache Jackrabbit 'q' Parameter Multiple Cross Site Scripting Vulnerabilities
| [33110] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [32657] Novell NetWare ApacheAdmin Security Bypass Vulnerability
| [31805] Apache HTTP Server OS Fingerprinting Unspecified Security Vulnerability
| [31761] Oracle WebLogic Server Apache Connector Stack Based Buffer Overflow Vulnerability
| [31698] Apache Tomcat 'RemoteFilterValve' Security Bypass Vulnerability
| [31165] Kolab Groupware Server Apache Log File User Password Information Disclosure Vulnerability
| [30560] Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat 'HttpServletResponse.sendError()' Cross Site Scripting Vulnerability
| [30494] Apache Tomcat 'RequestDispatcher' Information Disclosure Vulnerability
| [29653] Apache 'mod_proxy_http' Interim Response Denial of Service Vulnerability
| [29502] Apache Tomcat Host Manager Cross Site Scripting Vulnerability
| [28576] Apache-SSL Environment Variable Information Disclosure and Privilege Escalation Vulnerability
| [28484] Apache Tomcat Requests Containing MS-DOS Device Names Information Disclosure Vulnerability
| [28483] Apache Tomcat 'allowLinking' Accepts NULL Byte in URI Information Disclosure Vulnerability
| [28482] Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability
| [28481] Apache Tomcat Cross-Site Scripting Vulnerability
| [28477] Apache Tomcat AJP Connector Information Disclosure Vulnerability
| [27752] Apache mod_jk2 Host Header Multiple Stack Based Buffer Overflow Vulnerabilities
| [27706] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [27703] Apache Tomcat Parameter Processing Remote Information Disclosure Vulnerability
| [27409] Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [27365] Apache Tomcat SingleSignOn Remote Information Disclosure Vulnerability
| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
| [27236] Apache 'mod_proxy_balancer' Multiple Vulnerabilities
| [27234] Apache 'mod_proxy_ftp' Undefined Charset UTF-7 Cross-Site Scripting Vulnerability
| [27006] Apache Tomcat JULI Logging Component Default Security Policy Vulnerability
| [26939] Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [26838] Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
| [26762] Apache::AuthCAS Cookie SQL Injection Vulnerability
| [26663] Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [26287] Apache Geronimo SQLLoginModule Authentication Bypass Vulnerability
| [26070] Apache Tomcat WebDav Remote Information Disclosure Vulnerability
| [25804] Apache Geronimo Management EJB Security Bypass Vulnerability
| [25653] Apache Mod_AutoIndex.C Undefined Charset Cross-Site Scripting Vulnerability
| [25531] Apache Tomcat Cal2.JSP Cross-Site Scripting Vulnerability
| [25489] Apache HTTP Server Mod_Proxy Denial of Service Vulnerability
| [25316] Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities
| [25314] Apache Tomcat Host Manager Servlet Cross Site Scripting Vulnerability
| [25174] Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability
| [24999] Apache Tomcat SendMailServlet Cross-Site Scripting Vulnerability
| [24759] MySQLDumper Apache Access Control Authentication Bypass Vulnerability
| [24649] Apache HTTP Server Mod_Cache Denial of Service Vulnerability
| [24645] Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability
| [24553] Apache Mod_Mem_Cache Information Disclosure Vulnerability
| [24524] Apache Tomcat Accept-Language Cross Site Scripting Vulnerability
| [24480] Apache MyFaces Tomahawk JSF Framework Autoscroll Parameter Cross Site Scripting Vulnerability
| [24476] Apache Tomcat JSP Example Web Applications Cross Site Scripting Vulnerability
| [24475] Apache Tomcat Manager and Host Manager Upload Script Cross-Site Scripting Vulnerability
| [24215] Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
| [24147] Apache Tomcat JK Connector Double Encoding Security Bypass Vulnerability
10023| [24058] Apache Tomcat Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
10024| [23687] Apache AXIS Non-Existent WSDL Path Information Disclosure Vulnerability
10025| [23438] Apache HTTPD suEXEC Local Multiple Privilege Escalation Weaknesses
10026| [22960] Apache HTTP Server Tomcat Directory Traversal Vulnerability
10027| [22849] Apache mod_python Output Filter Mode Information Disclosure Vulnerability
10028| [22791] Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
10029| [22732] Debian Apache Root Shell Local Privilege Escalation Vulnerabilities
10030| [22388] Apache Stats Extract Function Multiple Input Validation Vulnerabilities
10031| [21865] Apache And Microsoft IIS Range Denial of Service Vulnerability
10032| [21214] Apache Mod_Auth_Kerb Off-By-One Denial of Service Vulnerability
10033| [20527] Apache Mod_TCL Remote Format String Vulnerability
10034| [19661] Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness
10035| [19447] Apache CGI Script Source Code Information Disclosure Vulnerability
10036| [19204] Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
10037| [19106] Apache Tomcat Information Disclosure Vulnerability
10038| [18138] Apache James SMTP Denial Of Service Vulnerability
10039| [17342] Apache Struts Multiple Remote Vulnerabilities
10040| [17095] Apache Log4Net Denial Of Service Vulnerability
10041| [16916] Apache mod_python FileSession Code Execution Vulnerability
10042| [16710] Apache Libapreq2 Quadratic Behavior Denial of Service Vulnerability
10043| [16260] Apache Geronimo Multiple Input Validation Vulnerabilities
10044| [16153] Apache mod_auth_pgsql Multiple Format String Vulnerabilities
10045| [16152] Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
10046| [15834] Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
10047| [15765] Apache James Spooler Memory Leak Denial Of Service Vulnerability
10048| [15762] Apache MPM Worker.C Denial Of Service Vulnerability
10049| [15512] Apache Struts Error Response Cross-Site Scripting Vulnerability
10050| [15413] PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
10051| [15325] Apache Tomcat Simultaneous Directory Listing Denial Of Service Vulnerability
10052| [15224] Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
10053| [15177] PHP Apache 2 Local Denial of Service Vulnerability
10054| [14982] ApacheTop Insecure Temporary File Creation Vulnerability
10055| [14721] Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
10056| [14660] Apache CGI Byterange Request Denial of Service Vulnerability
10057| [14366] Apache mod_ssl CRL Handling Off-By-One Buffer Overflow Vulnerability
10058| [14106] Apache HTTP Request Smuggling Vulnerability
10059| [13778] Apache HTPasswd Password Command Line Argument Buffer Overflow Vulnerability
10060| [13777] Apache HTPasswd User Command Line Argument Buffer Overflow Vulnerability
10061| [13756] Apache Tomcat Java Security Manager Bypass Vulnerability
10062| [13537] Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
10063| [12877] Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Service Vulnerability
10064| [12795] Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability
10065| [12619] Apache Software Foundation Batik Squiggle Browser Access Validation Vulnerability
10066| [12519] Apache mod_python Module Publisher Handler Information Disclosure Vulnerability
10067| [12308] Apache Utilities Insecure Temporary File Creation Vulnerability
10068| [12217] Apache mod_auth_radius Malformed RADIUS Server Reply Integer Overflow Vulnerability
10069| [12181] Mod_DOSEvasive Apache Module Local Insecure Temporary File Creation Vulnerability
10070| [11803] Apache Jakarta Results.JSP Remote Cross-Site Scripting Vulnerability
10071| [11471] Apache mod_include Local Buffer Overflow Vulnerability
10072| [11360] Apache mod_ssl SSLCipherSuite Restriction Bypass Vulnerability
10073| [11239] Apache Satisfy Directive Access Control Bypass Vulnerability
10074| [11187] Apache Web Server Remote IPv6 Buffer Overflow Vulnerability
10075| [11185] Apache Mod_DAV LOCK Denial Of Service Vulnerability
10076| [11182] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
10077| [11154] Apache mod_ssl Remote Denial of Service Vulnerability
10078| [11094] Apache mod_ssl Denial Of Service Vulnerability
10079| [10789] Apache mod_userdir Module Information Disclosure Vulnerability
10080| [10736] Apache 'mod_ssl' Log Function Format String Vulnerability
10081| [10619] Apache ap_escape_html Memory Allocation Denial Of Service Vulnerability
10082| [10508] Apache Mod_Proxy Remote Negative Content-Length Buffer Overflow Vulnerability
10083| [10478] ClueCentral Apache Suexec Patch Security Weakness
10084| [10355] Apache 'mod_ssl' 'ssl_util_uuencode_binary()' Stack Buffer Overflow Vulnerability
10085| [10212] Apache mod_auth Malformed Password Potential Memory Corruption Vulnerability
10086| [9933] Apache mod_disk_cache Module Client Authentication Credential Storage Weakness
10087| [9930] Apache Error and Access Logs Escape Sequence Injection Vulnerability
10088| [9921] Apache Connection Blocking Denial Of Service Vulnerability
10089| [9885] Apache Mod_Security Module SecFilterScanPost Off-By-One Buffer Overflow Vulnerability
10090| [9874] Apache HTAccess LIMIT Directive Bypass Configuration Error Weakness
10091| [9829] Apache Mod_Access Access Control Rule Bypass Vulnerability
10092| [9826] Apache Mod_SSL HTTP Request Remote Denial Of Service Vulnerability
10093| [9733] Apache Cygwin Directory Traversal Vulnerability
10094| [9599] Apache mod_php Global Variables Information Disclosure Weakness
10095| [9590] Apache-SSL Client Certificate Forging Vulnerability
10096| [9571] Apache mod_digest Client-Supplied Nonce Verification Vulnerability
10097| [9471] Apache mod_perl Module File Descriptor Leakage Vulnerability
10098| [9404] Mod-Auth-Shadow Apache Module Expired User Credential Weakness
10099| [9302] Apache mod_php Module File Descriptor Leakage Vulnerability
10100| [9129] Apache mod_python Module Malformed Query Denial of Service Vulnerability
10101| [8926] Apache Web Server mod_cgid Module CGI Data Redirection Vulnerability
10102| [8919] Apache Mod_Security Module Heap Corruption Vulnerability
10103| [8911] Apache Web Server Multiple Module Local Buffer Overflow Vulnerability
10104| [8898] Red Hat Apache Directory Index Default Configuration Error
10105| [8883] Apache Cocoon Directory Traversal Vulnerability
10106| [8824] Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
10107| [8822] Apache Mod_Throttle Module Local Shared Memory Corruption Vulnerability
10108| [8725] Apache2 MOD_CGI STDERR Denial Of Service Vulnerability
10109| [8707] Apache htpasswd Password Entropy Weakness
10110| [8561] Apache::Gallery Insecure Local File Storage Privilege Escalation Vulnerability
10111| [8287] Mod_Mylo Apache Module REQSTR Buffer Overflow Vulnerability
10112| [8226] Apache HTTP Server Multiple Vulnerabilities
10113| [8138] Apache Web Server Type-Map Recursive Loop Denial Of Service Vulnerability
10114| [8137] Apache Web Server Prefork MPM Denial Of Service Vulnerability
10115| [8136] Macromedia Apache Web Server Encoded Space Source Disclosure Vulnerability
10116| [8135] Apache Web Server FTP Proxy IPV6 Denial Of Service Vulnerability
10117| [8134] Apache Web Server SSLCipherSuite Weak CipherSuite Renegotiation Weakness
10118| [7768] Apache Tomcat Insecure Directory Permissions Vulnerability
10119| [7725] Apache Basic Authentication Module Valid User Login Denial Of Service Vulnerability
10120| [7723] Apache APR_PSPrintf Memory Corruption Vulnerability
10121| [7448] Apache Mod_Auth_Any Remote Command Execution Vulnerability
10122| [7375] Apache Mod_Access_Referer NULL Pointer Dereference Denial of Service Vulnerability
10123| [7332] Apache Web Server OS2 Filestat Denial Of Service Vulnerability
10124| [7255] Apache Web Server File Descriptor Leakage Vulnerability
10125| [7254] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
10126| [6943] Apache Web Server MIME Boundary Information Disclosure Vulnerability
10127| [6939] Apache Web Server ETag Header Information Disclosure Weakness
10128| [6722] Apache Tomcat Web.XML File Contents Disclosure Vulnerability
10129| [6721] Apache Tomcat Null Byte Directory/File Disclosure Vulnerability
10130| [6720] Apache Tomcat Example Web Application Cross Site Scripting Vulnerability
10131| [6662] Apache Web Server MS-DOS Device Name Denial Of Service Vulnerability
10132| [6661] Apache Web Server Default Script Mapping Bypass Vulnerability
10133| [6660] Apache Web Server Illegal Character HTTP Request File Disclosure Vulnerability
10134| [6659] Apache Web Server MS-DOS Device Name Arbitrary Code Execution Vulnerability
10135| [6562] Apache Tomcat Invoker Servlet File Disclosure Vulnerability
10136| [6320] Apache/Tomcat Mod_JK Chunked Encoding Denial Of Service Vulnerability
10137| [6117] Apache mod_php File Descriptor Leakage Vulnerability
10138| [6065] Apache 2 WebDAV CGI POST Request Information Disclosure Vulnerability
10139| [5996] Apache AB.C Web Benchmarking Buffer Overflow Vulnerability
10140| [5995] Apache AB.C Web Benchmarking Read_Connection() Buffer Overflow Vulnerability
10141| [5993] Multiple Apache HTDigest Buffer Overflow Vulnerabilities
10142| [5992] Apache HTDigest Insecure Temporary File Vulnerability
10143| [5991] Apache HTDigest Arbitrary Command Execution Vulnerability
10144| [5990] Apache HTPasswd Insecure Temporary File Vulnerability
10145| [5981] Multiple Apache HTDigest and HTPassWD Component Vulnerabilites
10146| [5884] Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
10147| [5847] Apache Server Side Include Cross Site Scripting Vulnerability
10148| [5838] Apache Tomcat 3.2 Directory Disclosure Vulnerability
10149| [5816] Apache 2 mod_dav Denial Of Service Vulnerability
10150| [5791] HP VirtualVault Apache mod_ssl Denial Of Service Vulnerability
10151| [5787] Apache Oversized STDERR Buffer Denial Of Service Vulnerability
10152| [5786] Apache Tomcat DefaultServlet File Disclosure Vulnerability
10153| [5542] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
10154| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
10155| [5485] Apache 2.0 Path Disclosure Vulnerability
10156| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
10157| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
10158| [5194] Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
10159| [5193] Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
10160| [5067] Apache Tomcat Null Character Malformed Request Denial Of Service Vulnerability
10161| [5054] Apache Tomcat Web Root Path Disclosure Vulnerability
10162| [5033] Apache Chunked-Encoding Memory Corruption Vulnerability
10163| [4995] Apache Tomcat JSP Engine Denial of Service Vulnerability
10164| [4878] Apache Tomcat RealPath.JSP Malformed Request Information Disclosure Vulnerability
10165| [4877] Apache Tomcat Example Files Web Root Path Disclosure Vulnerability
10166| [4876] Apache Tomcat Source.JSP Malformed Request Information Disclosure Vulnerability
10167| [4575] Apache Tomcat Servlet Path Disclosure Vulnerability
10168| [4557] Apache Tomcat System Path Information Disclosure Vulnerability
10169| [4437] Apache Error Message Cross-Site Scripting Vulnerability
10170| [4431] Apache PrintEnv/Test_CGI Script Injection Vulnerability
10171| [4358] Apache Double-Reverse Lookup Log Entry Spoofing Vulnerability
10172| [4335] Apache Win32 Batch File Remote Command Execution Vulnerability
10173| [4292] Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
10174| [4189] Apache mod_ssl/Apache-SSL Buffer Overflow Vulnerability
10175| [4057] Apache 2 for Windows OPTIONS request Path Disclosure Vulnerability
10176| [4056] Apache 2 for Windows php.exe Path Disclosure Vulnerability
10177| [4037] Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
10178| [4032] Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
10179| [3796] Apache HTTP Request Unexpected Behavior Vulnerability
10180| [3790] Apache Non-Existent Log Directory Denial Of Service Vulnerability
10181| [3786] Apache Win32 PHP.EXE Remote File Disclosure Vulnerability
10182| [3727] Oracle 9I Application Server PL/SQL Apache Module Directory Traversal Vulnerability
10183| [3726] Oracle 9I Application Server PL/SQL Apache Module Buffer Overflow Vulnerability
10184| [3596] Apache Split-Logfile File Append Vulnerability
10185| [3521] Apache mod_usertrack Predictable ID Generation Vulnerability
10186| [3335] Red Hat Linux Apache Remote Username Enumeration Vulnerability
10187| [3316] MacOS X Client Apache Directory Contents Disclosure Vulnerability
10188| [3256] Apache mod_auth_oracle Remote SQL Query Manipulation Vulnerability
10189| [3255] Apache mod_auth_mysql Remote SQL Query Manipulation Vulnerability
10190| [3254] Apache AuthPG Remote SQL Query Manipulation Vulnerability
10191| [3253] Apache mod_auth_pgsql_sys Remote SQL Query Manipulation Vulnerability
10192| [3251] Apache mod_auth_pgsql Remote SQL Query Manipulation Vulnerability
10193| [3176] Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability
10194| [3169] Apache Server Address Disclosure Vulnerability
10195| [3009] Apache Possible Directory Index Disclosure Vulnerability
10196| [2982] Apache Tomcat Cross-Site Scripting Vulnerability
10197| [2852] MacOS X Client Apache File Protection Bypass Vulnerability
10198| [2740] Apache Web Server HTTP Request Denial of Service Vulnerability
10199| [2518] Apache Tomcat 3.0 Directory Traversal Vulnerability
10200| [2503] Apache Artificially Long Slash Path Directory Listing Vulnerability
10201| [2300] NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
10202| [2216] Apache Web Server DoS Vulnerability
10203| [2182] Apache /tmp File Race Vulnerability
10204| [2171] Oracle Apache+WebDB Documented Backdoor Vulnerability
10205| [2060] Apache Web Server with Php 3 File Disclosure Vulnerability
10206| [1821] Apache mod_cookies Buffer Overflow Vulnerability
10207| [1728] Apache Rewrite Module Arbitrary File Disclosure Vulnerability
10208| [1658] SuSE Apache CGI Source Code Viewing Vulnerability
10209| [1656] SuSE Apache WebDAV Directory Listings Vulnerability
10210| [1575] Trustix Apache-SSL RPM Permissions Vulnerability
10211| [1548] Apache Jakarta-Tomcat /admin Context Vulnerability
10212| [1532] Apache Tomcat Snoop Servlet Information Disclosure Vulnerability
10213| [1531] Apache Tomcat 3.1 Path Revealing Vulnerability
10214| [1457] Apache::ASP source.asp Example Script Vulnerability
10215| [1284] Apache HTTP Server (win32) Root Directory Access Vulnerability
10216| [1083] Cobalt Raq Apache .htaccess Disclosure Vulnerability
10217|
10218| IBM X-Force - https://exchange.xforce.ibmcloud.com:
10219| [86258] Apache CloudStack text fields cross-site scripting
10220| [85983] Apache Subversion mod_dav_svn module denial of service
10221| [85875] Apache OFBiz UEL code execution
10222| [85874] Apache OFBiz Webtools View Log screen cross-site scripting
10223| [85871] Apache HTTP Server mod_session_dbd unspecified
10224| [85756] Apache Struts OGNL expression command execution
10225| [85755] Apache Struts DefaultActionMapper class open redirect
10226| [85586] Apache ActiveMQ CVE-2013-1879 cross-site scripting
10227| [85574] Apache HTTP Server mod_dav denial of service
10228| [85573] Apache Struts Showcase App OGNL code execution
10229| [85496] Apache CXF denial of service
10230| [85423] Apache Geronimo RMI classloader code execution
10231| [85326] Apache Santuario XML Security for C++ buffer overflow
10232| [85323] Apache Santuario XML Security for Java spoofing
10233| [85319] Apache Qpid Python client SSL spoofing
10234| [85019] Apache Santuario XML Security for C++ CVE-2013-2156 buffer overflow
10235| [85018] Apache Santuario XML Security for C++ CVE-2013-2155 denial of service
10236| [85017] Apache Santuario XML Security for C++ CVE-2013-2154 buffer overflow
10237| [85016] Apache Santuario XML Security for C++ CVE-2013-2153 spoofing
10238| [84952] Apache Tomcat CVE-2012-3544 denial of service
10239| [84763] Apache Struts CVE-2013-2135 security bypass
10240| [84762] Apache Struts CVE-2013-2134 security bypass
10241| [84719] Apache Subversion CVE-2013-2088 command execution
10242| [84718] Apache Subversion CVE-2013-2112 denial of service
10243| [84717] Apache Subversion CVE-2013-1968 denial of service
10244| [84577] Apache Tomcat security bypass
10245| [84576] Apache Tomcat symlink
10246| [84543] Apache Struts CVE-2013-2115 security bypass
10247| [84542] Apache Struts CVE-2013-1966 security bypass
10248| [84154] Apache Tomcat session hijacking
10249| [84144] Apache Tomcat denial of service
10250| [84143] Apache Tomcat information disclosure
10251| [84111] Apache HTTP Server command execution
10252| [84043] Apache Virtual Computing Lab cross-site scripting
10253| [84042] Apache Virtual Computing Lab cross-site scripting
10254| [83782] Apache CloudStack information disclosure
10255| [83781] Apache CloudStack security bypass
10256| [83720] Apache ActiveMQ cross-site scripting
10257| [83719] Apache ActiveMQ denial of service
10258| [83718] Apache ActiveMQ denial of service
10259| [83263] Apache Subversion denial of service
10260| [83262] Apache Subversion denial of service
10261| [83261] Apache Subversion denial of service
10262| [83259] Apache Subversion denial of service
10263| [83035] Apache mod_ruid2 security bypass
10264| [82852] Apache Qpid federation_tag security bypass
10265| [82851] Apache Qpid qpid::framing::Buffer denial of service
10266| [82758] Apache Rave User RPC API information disclosure
10267| [82663] Apache Subversion svn_fs_file_length() denial of service
10268| [82642] Apache Qpid qpid::framing::Buffer::checkAvailable() denial of service
10269| [82641] Apache Qpid AMQP denial of service
10270| [82626] Apache HTTP Server on Debian GNU/Linux Debian apache2ctl symlink
10271| [82618] Apache Commons FileUpload symlink
10272| [82360] Apache HTTP Server manager interface cross-site scripting
10273| [82359] Apache HTTP Server hostnames cross-site scripting
10274| [82338] Apache Tomcat log/logdir information disclosure
10275| [82328] Apache Maven and Apache Maven Wagon SSL spoofing
10276| [82268] Apache OpenJPA deserialization command execution
10277| [81981] Apache CXF UsernameTokens security bypass
10278| [81980] Apache CXF WS-Security security bypass
10279| [81398] Apache OFBiz cross-site scripting
10280| [81240] Apache CouchDB directory traversal
10281| [81226] Apache CouchDB JSONP code execution
10282| [81225] Apache CouchDB Futon user interface cross-site scripting
10283| [81211] Apache Axis2/C SSL spoofing
10284| [81167] Apache CloudStack DeployVM information disclosure
10285| [81166] Apache CloudStack AddHost API information disclosure
10286| [81165] Apache CloudStack createSSHKeyPair API information disclosure
10287| [80518] Apache Tomcat cross-site request forgery security bypass
10288| [80517] Apache Tomcat FormAuthenticator security bypass
10289| [80516] Apache Tomcat NIO denial of service
10290| [80408] Apache Tomcat replay-countermeasure security bypass
10291| [80407] Apache Tomcat HTTP Digest Access Authentication security bypass
10292| [80317] Apache Tomcat slowloris denial of service
10293| [79984] Apache Commons HttpClient SSL spoofing
10294| [79983] Apache CXF SSL spoofing
10295| [79830] Apache Axis2/Java SSL spoofing
10296| [79829] Apache Axis SSL spoofing
10297| [79809] Apache Tomcat DIGEST security bypass
10298| [79806] Apache Tomcat parseHeaders() denial of service
10299| [79540] Apache OFBiz unspecified
10300| [79487] Apache Axis2 SAML security bypass
10301| [79212] Apache Cloudstack code execution
10302| [78734] Apache CXF SOAP Action security bypass
10303| [78730] Apache Qpid broker denial of service
10304| [78617] Eucalyptus Apache Santuario (XML Security for Java) denial of service
10305| [78563] Apache mod_pagespeed module unspecified cross-site scripting
10306| [78562] Apache mod_pagespeed module security bypass
10307| [78454] Apache Axis2 security bypass
10308| [78452] Websense Web Security and Web Filter Apache Tomcat information disclosure
10309| [78451] Websense Web Security and Web Filter Apache Tomcat cross-site scripting
10310| [78321] Apache Wicket unspecified cross-site scripting
10311| [78183] Apache Struts parameters denial of service
10312| [78182] Apache Struts cross-site request forgery
10313| [78153] Apache Solr Autocomplete module for Drupal autocomplete results cross-site scripting
10314| [77987] mod_rpaf module for Apache denial of service
10315| [77958] Apache Struts skill name code execution
10316| [77914] Apache HTTP Server mod_negotiation module cross-site scripting
10317| [77913] Apache HTTP Server mod_proxy_ajp information disclosure
10318| [77568] Apache Qpid broker security bypass
10319| [77421] Apache Libcloud spoofing
10320| [77059] Oracle Solaris Cluster Apache Tomcat Agent unspecified
10321| [77046] Oracle Solaris Apache HTTP Server information disclosure
10322| [76837] Apache Hadoop information disclosure
10323| [76802] Apache Sling CopyFrom denial of service
10324| [76692] Apache Hadoop symlink
10325| [76535] Apache Roller console cross-site request forgery
10326| [76534] Apache Roller weblog cross-site scripting
10327| [76152] Apache CXF elements security bypass
10328| [76151] Apache CXF child policies security bypass
10329| [75983] MapServer for Windows Apache file include
10330| [75857] Apache Commons Compress and Apache Ant bzip2 denial of service
10331| [75558] Apache POI denial of service
10332| [75545] PHP apache_request_headers() buffer overflow
10333| [75302] Apache Qpid SASL security bypass
10334| [75211] Debian GNU/Linux apache 2 cross-site scripting
10335| [74901] Apache HTTP Server LD_LIBRARY_PATH privilege escalation
10336| [74871] Apache OFBiz FlexibleStringExpander code execution
10337| [74870] Apache OFBiz multiple cross-site scripting
10338| [74750] Apache Hadoop unspecified spoofing
10339| [74319] Apache Struts XSLTResult.java file upload
10340| [74313] Apache Traffic Server header buffer overflow
10341| [74276] Apache Wicket directory traversal
10342| [74273] Apache Wicket unspecified cross-site scripting
10343| [74181] Apache HTTP Server mod_fcgid module denial of service
10344| [73690] Apache Struts OGNL code execution
10345| [73432] Apache Solr extension for TYPO3 unspecified cross-site scripting
10346| [73100] Apache MyFaces in directory traversal
10347| [73096] Apache APR hash denial of service
10348| [73052] Apache Struts name cross-site scripting
10349| [73030] Apache CXF UsernameToken security bypass
10350| [72888] Apache Struts lastName cross-site scripting
10351| [72758] Apache HTTP Server httpOnly information disclosure
10352| [72757] Apache HTTP Server MPM denial of service
10353| [72585] Apache Struts ParameterInterceptor security bypass
10354| [72438] Apache Tomcat Digest security bypass
10355| [72437] Apache Tomcat Digest security bypass
10356| [72436] Apache Tomcat DIGEST security bypass
10357| [72425] Apache Tomcat parameter denial of service
10358| [72422] Apache Tomcat request object information disclosure
10359| [72377] Apache HTTP Server scoreboard security bypass
10360| [72345] Apache HTTP Server HTTP request denial of service
10361| [72229] Apache Struts ExceptionDelegator command execution
10362| [72089] Apache Struts ParameterInterceptor directory traversal
10363| [72088] Apache Struts CookieInterceptor command execution
10364| [72047] Apache Geronimo hash denial of service
10365| [72016] Apache Tomcat hash denial of service
10366| [71711] Apache Struts OGNL expression code execution
10367| [71654] Apache Struts interfaces security bypass
10368| [71620] Apache ActiveMQ failover denial of service
10369| [71617] Apache HTTP Server mod_proxy module information disclosure
10370| [71508] Apache MyFaces EL security bypass
10371| [71445] Apache HTTP Server mod_proxy security bypass
10372| [71203] Apache Tomcat servlets privilege escalation
10373| [71181] Apache HTTP Server ap_pregsub() denial of service
10374| [71093] Apache HTTP Server ap_pregsub() buffer overflow
10375| [70336] Apache HTTP Server mod_proxy information disclosure
10376| [69804] Apache HTTP Server mod_proxy_ajp denial of service
10377| [69472] Apache Tomcat AJP security bypass
10378| [69396] Apache HTTP Server ByteRange filter denial of service
10379| [69394] Apache Wicket multi window support cross-site scripting
10380| [69176] Apache Tomcat XML information disclosure
10381| [69161] Apache Tomcat jsvc information disclosure
10382| [68799] mod_authnz_external module for Apache mysql-auth.pl SQL injection
10383| [68541] Apache Tomcat sendfile information disclosure
10384| [68420] Apache XML Security denial of service
10385| [68238] Apache Tomcat JMX information disclosure
10386| [67860] Apache Rampart/C rampart_timestamp_token_validate security bypass
10387| [67804] Apache Subversion control rules information disclosure
10388| [67803] Apache Subversion control rules denial of service
10389| [67802] Apache Subversion baselined denial of service
10390| [67672] Apache Archiva multiple cross-site scripting
10391| [67671] Apache Archiva multiple cross-site request forgery
10392| [67564] Apache APR apr_fnmatch() denial of service
10393| [67532] IBM WebSphere Application Server org.apache.jasper.runtime.JspWriterImpl.response denial of service
10394| [67515] Apache Tomcat annotations security bypass
10395| [67480] Apache Struts s:submit information disclosure
10396| [67414] Apache APR apr_fnmatch() denial of service
10397| [67356] Apache Struts javatemplates cross-site scripting
10398| [67354] Apache Struts Xwork cross-site scripting
10399| [66676] Apache Tomcat HTTP BIO information disclosure
10400| [66675] Apache Tomcat web.xml security bypass
10401| [66640] Apache HttpComponents HttpClient Proxy-Authorization information disclosure
10402| [66241] Apache HttpComponents information disclosure
10403| [66154] Apache Tomcat ServletSecurity security bypass
10404| [65971] Apache Tomcat ServletSecurity security bypass
10405| [65876] Apache Subversion mod_dav_svn denial of service
10406| [65343] Apache Continuum unspecified cross-site scripting
10407| [65162] Apache Tomcat NIO connector denial of service
10408| [65161] Apache Tomcat javax.servlet.ServletRequest.getLocale() denial of service
10409| [65160] Apache Tomcat HTML Manager interface cross-site scripting
10410| [65159] Apache Tomcat ServletContect security bypass
10411| [65050] Apache CouchDB web-based administration UI cross-site scripting
10412| [64773] Oracle HTTP Server Apache Plugin unauthorized access
10413| [64473] Apache Subversion blame -g denial of service
10414| [64472] Apache Subversion walk() denial of service
10415| [64407] Apache Axis2 CVE-2010-0219 code execution
10416| [63926] Apache Archiva password privilege escalation
10417| [63785] Apache CouchDB LD_LIBRARY_PATH privilege escalation
10418| [63493] Apache Archiva credentials cross-site request forgery
10419| [63477] Apache Tomcat HttpOnly session hijacking
10420| [63422] Apache Tomcat sessionsList.jsp cross-site scripting
10421| [63303] Apache mod_fcgid module fcgid_header_bucket_read() buffer overflow
10422| [62959] Apache Shiro filters security bypass
10423| [62790] Apache Perl cgi module denial of service
10424| [62576] Apache Qpid exchange denial of service
10425| [62575] Apache Qpid AMQP denial of service
10426| [62354] Apache Qpid SSL denial of service
10427| [62235] Apache APR-util apr_brigade_split_line() denial of service
10428| [62181] Apache XML-RPC SAX Parser information disclosure
10429| [61721] Apache Traffic Server cache poisoning
| [61202] Apache Derby BUILTIN authentication functionality information disclosure
| [61186] Apache CouchDB Futon cross-site request forgery
| [61169] Apache CXF DTD denial of service
| [61070] Apache Jackrabbit search.jsp SQL injection
| [61006] Apache SLMS Quoting cross-site request forgery
| [60962] Apache Tomcat time cross-site scripting
| [60883] Apache mod_proxy_http information disclosure
| [60671] Apache HTTP Server mod_cache and mod_dav denial of service
| [60264] Apache Tomcat Transfer-Encoding denial of service
| [59746] Apache Axis2 axis2/axis2-admin page session hijacking
| [59588] Apache Axis2/Java XML DTD (Document Type Declaration) data denial of service
| [59413] Apache mod_proxy_http timeout information disclosure
| [59058] Apache MyFaces unencrypted view state cross-site scripting
| [58827] Apache Axis2 xsd file include
| [58790] Apache Axis2 modules cross-site scripting
| [58299] Apache ActiveMQ queueBrowse cross-site scripting
| [58169] Apache Tomcat Web Application Manager / Host Manager cross-site request forgery
| [58056] Apache ActiveMQ .jsp source code disclosure
| [58055] Apache Tomcat realm name information disclosure
| [58046] Apache HTTP Server mod_auth_shadow security bypass
| [57841] Apache Open For Business Project (OFBiz) subject cross-site scripting
| [57840] Apache Open For Business Project (OFBiz) multiple parameters cross-site scripting
| [57429] Apache CouchDB algorithms information disclosure
| [57398] Apache ActiveMQ Web console cross-site request forgery
| [57397] Apache ActiveMQ createDestination.action cross-site scripting
| [56653] Apache HTTP Server DNS spoofing
| [56652] Apache HTTP Server DNS cross-site scripting
| [56625] Apache HTTP Server request header information disclosure
| [56624] Apache HTTP Server mod_isapi orphaned callback pointer code execution
| [56623] Apache HTTP Server mod_proxy_ajp denial of service
| [55941] mod_proxy module for Apache ap_proxy_send_fb() buffer overflow
| [55857] Apache Tomcat WAR files directory traversal
| [55856] Apache Tomcat autoDeploy attribute security bypass
| [55855] Apache Tomcat WAR directory traversal
| [55210] Intuit component for Joomla! Apache information disclosure
| [54533] Apache Tomcat 404 error page cross-site scripting
| [54182] Apache Tomcat admin default password
| [53878] Apache Solr Search (solr) extension for TYPO3 unspecified cross-site scripting
| [53666] Apache HTTP Server Solaris pollset support denial of service
| [53650] Apache HTTP Server HTTP basic-auth module security bypass
| [53124] mod_proxy_ftp module for Apache HTTP header security bypass
| [53041] mod_proxy_ftp module for Apache denial of service
| [52540] Apache Portable Runtime and Apache Portable Utility library multiple buffer overflow
| [51953] Apache Tomcat Path Disclosure
| [51952] Apache Tomcat Path Traversal
| [51951] Apache stronghold-status Information Disclosure
| [51950] Apache stronghold-info Information Disclosure
| [51949] Apache PHP Source Code Disclosure
| [51948] Apache Multiviews Attack
| [51946] Apache JServ Environment Status Information Disclosure
| [51945] Apache error_log Information Disclosure
| [51944] Apache Default Installation Page Pattern Found
| [51943] Apache AXIS XML Parser echoheaders.jws Sample Web Service Denial of Service
| [51942] Apache AXIS XML External Entity File Retrieval
| [51941] Apache AXIS Sample Servlet Information Leak
| [51940] Apache access_log Information Disclosure
| [51626] Apache mod_deflate denial of service
| [51532] mod_proxy module for the Apache HTTP Server stream_reqbody_cl denial of service
| [51365] Apache Tomcat RequestDispatcher security bypass
| [51273] Apache HTTP Server Incomplete Request denial of service
| [51195] Apache Tomcat XML information disclosure
| [50994] Apache APR-util xml/apr_xml.c denial of service
| [50993] Apache APR-util apr_brigade_vprintf denial of service
| [50964] Apache APR-util apr_strmatch_precompile() denial of service
| [50930] Apache Tomcat j_security_check information disclosure
| [50928] Apache Tomcat AJP denial of service
| [50884] Apache HTTP Server XML ENTITY denial of service
| [50808] Apache HTTP Server AllowOverride privilege escalation
| [50108] Apache Struts s:a tag and s:url tag cross-site scripting
| [50059] Apache mod_proxy_ajp information disclosure
| [49951] Apache Tiles Expression Language (EL) expressions cross-site scripting
| [49925] Apache Geronimo Web Administrative Console cross-site request forgery
| [49924] Apache Geronimo console/portal/Server/Monitoring cross-site scripting
| [49921] Apache ActiveMQ Web interface cross-site scripting
| [49898] Apache Geronimo Services/Repository directory traversal
| [49725] Apache Tomcat mod_jk module information disclosure
| [49715] Apache mod_perl Apache::Status and Apache2::Status modules cross-site scripting
| [49712] Apache Struts unspecified cross-site scripting
| [49213] Apache Tomcat cal2.jsp cross-site scripting
| [48934] Apache Tomcat POST doRead method information disclosure
| [48211] Apache Tomcat header HTTP request smuggling
| [48163] libapache2-mod-auth-mysql module for Debian multibyte encoding SQL injection
| [48110] Apache Jackrabbit search.jsp and swr.jsp cross-site scripting
| [47709] Apache Roller "
| [47104] Novell Netware ApacheAdmin console security bypass
| [47086] Apache HTTP Server OS fingerprinting unspecified
| [46329] Apache Struts FilterDispatcher and DefaultStaticContentLoader class directory traversal
| [45791] Apache Tomcat RemoteFilterValve security bypass
| [44435] Oracle WebLogic Apache Connector buffer overflow
| [44411] Apache Tomcat allowLinking UTF-8 directory traversal
| [44223] Apache HTTP Server mod_proxy_ftp cross-site scripting
| [44156] Apache Tomcat RequestDispatcher directory traversal
| [44155] Apache Tomcat HttpServletResponse.sendError() cross-site scripting
| [43885] Oracle WebLogic Server Apache Connector buffer overflow
| [42987] Apache HTTP Server mod_proxy module denial of service
| [42915] Apache Tomcat JSP files path disclosure
| [42914] Apache Tomcat MS-DOS path disclosure
| [42892] Apache Tomcat unspecified unauthorized access
| [42816] Apache Tomcat Host Manager cross-site scripting
| [42303] Apache 403 error cross-site scripting
| [41618] Apache-SSL ExpandCert() authentication bypass
| [40761] Apache Derby RDBNAM parameter and DatabaseMetaData.getURL information disclosure
| [40736] Apache Tomcat HTTP/1.1 connector information disclosure
| [40614] Apache mod_jk2 HTTP Host header buffer overflow
| [40562] Apache Geronimo init information disclosure
| [40478] Novell Web Manager webadmin-apache.conf security bypass
| [40411] Apache Tomcat exception handling information disclosure
| [40409] Apache Tomcat native (APR based) connector weak security
| [40403] Apache Tomcat quotes and %5C cookie information disclosure
| [40388] Sun Java Plug-In org.apache.crimson.tree.XmlDocument security bypass
| [39893] Apache HTTP Server mod_negotiation HTTP response splitting
| [39867] Apache HTTP Server mod_negotiation cross-site scripting
| [39804] Apache Tomcat SingleSignOn information disclosure
| [39615] Apache HTTP Server mod_proxy_ftp.c UTF-7 cross-site scripting
| [39612] Apache HTTP Server mod_proxy_balancer buffer overflow
| [39608] Apache HTTP Server balancer manager cross-site request forgery
| [39476] Apache mod_proxy_balancer balancer_handler function denial of service
| [39474] Apache HTTP Server mod_proxy_balancer cross-site scripting
| [39472] Apache HTTP Server mod_status cross-site scripting
| [39201] Apache Tomcat JULI logging weak security
| [39158] Apache HTTP Server Windows SMB shares information disclosure
| [39001] Apache HTTP Server mod_imap and mod_imagemap module cross-site scripting
| [38951] Apache::AuthCAS Perl module cookie SQL injection
| [38800] Apache HTTP Server 413 error page cross-site scripting
| [38211] Apache Geronimo SQLLoginModule authentication bypass
| [37243] Apache Tomcat WebDAV directory traversal
| [37178] RHSA update for Apache HTTP Server mod_status module cross-site scripting not installed
| [37177] RHSA update for Apache HTTP Server Apache child process denial of service not installed
| [37119] RHSA update for Apache mod_auth_kerb off-by-one buffer overflow not installed
| [37100] RHSA update for Apache and IBM HTTP Server Expect header cross-site scripting not installed
| [36782] Apache Geronimo MEJB unauthorized access
| [36586] Apache HTTP Server UTF-7 cross-site scripting
| [36468] Apache Geronimo LoginModule security bypass
| [36467] Apache Tomcat functions.jsp cross-site scripting
| [36402] Apache Tomcat calendar cross-site request forgery
| [36354] Apache HTTP Server mod_proxy module denial of service
| [36352] Apache HTTP Server ap_proxy_date_canon() denial of service
| [36336] Apache Derby lock table privilege escalation
| [36335] Apache Derby schema privilege escalation
| [36006] Apache Tomcat "
| [36001] Apache Tomcat Host Manager Servlet alias cross-site scripting
| [35999] Apache Tomcat \"
| [35795] Apache Tomcat CookieExample cross-site scripting
| [35536] Apache Tomcat SendMailServlet example cross-site scripting
| [35384] Apache HTTP Server mod_cache module denial of service
| [35097] Apache HTTP Server mod_status module cross-site scripting
| [35095] Apache HTTP Server Prefork MPM module denial of service
| [34984] Apache HTTP Server recall_headers information disclosure
| [34966] Apache HTTP Server MPM content spoofing
| [34965] Apache HTTP Server MPM information disclosure
| [34963] Apache HTTP Server MPM multiple denial of service
| [34872] Apache MyFaces Tomahawk autoscroll parameter cross-site scripting
| [34869] Apache Tomcat JSP example Web application cross-site scripting
| [34868] Apache Tomcat Manager and Host Manager cross-site scripting
| [34496] Apache Tomcat JK Connector security bypass
| [34377] Apache Tomcat hello.jsp cross-site scripting
| [34212] Apache Tomcat SSL configuration security bypass
| [34210] Apache Tomcat Accept-Language cross-site scripting
| [34209] Apache Tomcat calendar application cross-site scripting
| [34207] Apache Tomcat implicit-objects.jsp cross-site scripting
| [34167] Apache Axis WSDL file path disclosure
| [34068] Apache Tomcat AJP connector information disclosure
| [33584] Apache HTTP Server suEXEC privilege escalation
| [32988] Apache Tomcat proxy module directory traversal
| [32794] Apache Tomcat JK Web Server Connector map_uri_to_worker() buffer overflow
| [32708] Debian Apache tty privilege escalation
| [32441] ApacheStats extract() PHP call unspecified
| [32128] Apache Tomcat default account
| [31680] Apache Tomcat RequestParamExample cross-site scripting
| [31649] Apache Tomcat Sample Servlet TroubleShooter detected
| [31557] BEA WebLogic Server and WebLogic Express Apache proxy plug-in denial of service
| [31236] Apache HTTP Server htpasswd.c strcpy buffer overflow
| [30456] Apache mod_auth_kerb off-by-one buffer overflow
| [29550] Apache mod_tcl set_var() format string
| [28620] Apache and IBM HTTP Server Expect header cross-site scripting
| [28357] Apache HTTP Server mod_alias script source information disclosure
| [28063] Apache mod_rewrite off-by-one buffer overflow
| [27902] Apache Tomcat URL information disclosure
| [26786] Apache James SMTP server denial of service
| [25680] libapache2 /tmp/svn file upload
| [25614] Apache Struts lookupMap cross-site scripting
| [25613] Apache Struts ActionForm denial of service
| [25612] Apache Struts isCancelled() security bypass
| [24965] Apache mod_python FileSession command execution
| [24716] Apache James spooler memory leak denial of service
| [24159] Apache Geronimo Web-Access-Log Viewer cross-site scripting
| [24158] Apache Geronimo jsp-examples cross-site scripting
| [24030] Apache auth_ldap module multiple format strings
| [24008] Apache mod_ssl custom error message denial of service
| [24003] Apache mod_auth_pgsql module multiple syslog format strings
| [23612] Apache mod_imap referer field cross-site scripting
| [23173] Apache Struts error message cross-site scripting
| [22942] Apache Tomcat directory listing denial of service
| [22858] Apache Multi-Processing Module code allows denial of service
| [22602] RHSA-2005:582 updates for Apache httpd not installed
| [22520] Apache mod-auth-shadow "
| [22466] ApacheTop symlink
| [22109] Apache HTTP Server ssl_engine_kernel client certificate validation
| [22006] Apache HTTP Server byte-range filter denial of service
| [21567] Apache mod_ssl off-by-one buffer overflow
| [21195] Apache HTTP Server header HTTP request smuggling
| [20383] Apache HTTP Server htdigest buffer overflow
| [19681] Apache Tomcat AJP12 request denial of service
| [18993] Apache HTTP server check_forensic symlink attack
| [18790] Apache Tomcat Manager cross-site scripting
| [18349] Apache HTTP server Apple HFS+ filesystem obtain information
| [18348] Apache HTTP server Apple HFS+ filesystem .DS_Store and .ht file disclosure
| [18347] Apache HTTP server Apple Mac OS X Server mod_digest_apple module could allow an attacker to replay responses
| [17961] Apache Web server ServerTokens has not been set
| [17930] Apache HTTP Server HTTP GET request denial of service
| [17785] Apache mod_include module buffer overflow
| [17671] Apache HTTP Server SSLCipherSuite bypass restrictions
| [17473] Apache HTTP Server Satisfy directive allows access to resources
| [17413] Apache htpasswd buffer overflow
| [17384] Apache HTTP Server environment variable configuration file buffer overflow
| [17382] Apache HTTP Server IPv6 apr_util denial of service
| [17366] Apache HTTP Server mod_dav module LOCK denial of service
| [17273] Apache HTTP Server speculative mode denial of service
| [17200] Apache HTTP Server mod_ssl denial of service
| [16890] Apache HTTP Server server-info request has been detected
| [16889] Apache HTTP Server server-status request has been detected
| [16705] Apache mod_ssl format string attack
| [16524] Apache HTTP Server ap_get_mime_headers_core denial of service
| [16387] Apache HTTP Server mod_proxy Content-Length buffer overflow
| [16230] Apache HTTP Server PHP denial of service
| [16214] Apache mod_ssl ssl_util_uuencode_binary buffer overflow
| [15958] Apache HTTP Server authentication modules memory corruption
| [15547] Apache HTTP Server mod_disk_cache local information disclosure
| [15540] Apache HTTP Server socket starvation denial of service
| [15467] Novell GroupWise WebAccess using Apache Web server allows viewing of files on the server
| [15422] Apache HTTP Server mod_access information disclosure
| [15419] Apache HTTP Server mod_ssl plain HTTP request denial of service
| [15293] Apache for Cygwin "
| [15065] Apache-SSL has a default password
| [15041] Apache HTTP Server mod_digest module could allow an attacker to replay responses
| [15015] Apache httpd server httpd.conf could allow a local user to bypass restrictions
| [14751] Apache Mod_python output filter information disclosure
| [14125] Apache HTTP Server mod_userdir module information disclosure
| [14075] Apache HTTP Server mod_php file descriptor leak
| [13703] Apache HTTP Server account
| [13689] Apache HTTP Server configuration allows symlinks
| [13688] Apache HTTP Server configuration allows SSI
| [13687] Apache HTTP Server Server: header value
| [13685] Apache HTTP Server ServerTokens value
| [13684] Apache HTTP Server ServerSignature value
| [13672] Apache HTTP Server config allows directory autoindexing
| [13671] Apache HTTP Server default content
| [13670] Apache HTTP Server config file directive references outside content root
| [13668] Apache HTTP Server httpd not running in chroot environment
| [13666] Apache HTTP Server CGI directory contains possible command interpreter or compiler
| [13664] Apache HTTP Server config file contains ScriptAlias entry
| [13663] Apache HTTP Server CGI support modules loaded
| [13661] Apache HTTP Server config file contains AddHandler entry
| [13660] Apache HTTP Server 500 error page not CGI script
| [13659] Apache HTTP Server 413 error page not CGI script
| [13658] Apache HTTP Server 403 error page not CGI script
| [13657] Apache HTTP Server 401 error page not CGI script
| [13552] Apache HTTP Server mod_cgid module information disclosure
| [13550] Apache GET request directory traversal
| [13516] Apache Cocoon XMLForm and JXForm could allow execution of code
| [13499] Apache Cocoon directory traversal allows downloading of boot.ini file
| [13429] Apache Tomcat non-HTTP request denial of service
| [13400] Apache HTTP server mod_alias and mod_rewrite buffer overflow
| [13295] Apache weak password encryption
| [13254] Apache Tomcat .jsp cross-site scripting
| [13125] Apache::Gallery Inline::C could allow arbitrary code execution
| [13086] Apache Jakarta Tomcat mod_jk format string allows remote access
| [12681] Apache HTTP Server mod_proxy could allow mail relaying
| [12662] Apache HTTP Server rotatelogs denial of service
| [12554] Apache Tomcat stores password in plain text
| [12553] Apache HTTP Server redirects and subrequests denial of service
| [12552] Apache HTTP Server FTP proxy server denial of service
| [12551] Apache HTTP Server prefork MPM denial of service
| [12550] Apache HTTP Server weaker than expected encryption
| [12549] Apache HTTP Server type-map file denial of service
| [12206] Apache Tomcat /opt/tomcat directory insecure permissions
| [12102] Apache Jakarta Tomcat MS-DOS device name request denial of service
| [12091] Apache HTTP Server apr_password_validate denial of service
| [12090] Apache HTTP Server apr_psprintf code execution
| [11804] Apache HTTP Server mod_access_referer denial of service
| [11750] Apache HTTP Server could leak sensitive file descriptors
| [11730] Apache HTTP Server error log and access log terminal escape sequence injection
| [11703] Apache long slash path allows directory listing
| [11695] Apache HTTP Server LF (Line Feed) denial of service
| [11694] Apache HTTP Server filestat.c denial of service
| [11438] Apache HTTP Server MIME message boundaries information disclosure
| [11412] Apache HTTP Server error log terminal escape sequence injection
| [11196] Apache Tomcat examples and ROOT Web applications cross-site scripting
| [11195] Apache Tomcat web.xml could be used to read files
| [11194] Apache Tomcat URL appended with a null character could list directories
| [11139] Apache HTTP Server mass virtual hosting with mod_rewrite or mod_vhost_alias could allow an attacker to obtain files
| [11126] Apache HTTP Server illegal character file disclosure
| [11125] Apache HTTP Server DOS device name HTTP POST code execution
| [11124] Apache HTTP Server DOS device name denial of service
| [11088] Apache HTTP Server mod_vhost_alias CGI source disclosure
| [10938] Apache HTTP Server printenv test CGI cross-site scripting
| [10771] Apache Tomcat mod_jk module multiple HTTP GET request buffer overflow
| [10575] Apache mod_php module could allow an attacker to take over the httpd process
| [10499] Apache HTTP Server WebDAV HTTP POST view source
| [10457] Apache HTTP Server mod_ssl "
| [10415] Apache HTTP Server htdigest insecure system() call could allow command execution
| [10414] Apache HTTP Server htdigest multiple buffer overflows
| [10413] Apache HTTP Server htdigest temporary file race condition
| [10412] Apache HTTP Server htpasswd temporary file race condition
| [10376] Apache Tomcat invoker servlet used in conjunction with the default servlet reveals source code
| [10348] Apache Tomcat HTTP GET request DOS device reference could cause a denial of service
| [10281] Apache HTTP Server ab.c ApacheBench long response buffer overflow
| [10280] Apache HTTP Server shared memory scorecard overwrite
| [10263] Apache Tomcat mod_jk or mod_jserv connector directory disclosure
| [10241] Apache HTTP Server Host: header cross-site scripting
| [10230] Slapper worm variants A, B, and C target OpenSSL/Apache systems
| [10208] Apache HTTP Server mod_dav denial of service
| [10206] HP VVOS Apache mod_ssl denial of service
| [10200] Apache HTTP Server stderr denial of service
| [10175] Apache Tomcat org.apache.catalina.servlets.DefaultServlet reveals source code
| [10169] Slapper worm variant (Slapper.C) targets OpenSSL/Apache systems
| [10154] Slapper worm variant (Slapper.B) targets OpenSSL/Apache systems
| [10098] Slapper worm targets OpenSSL/Apache systems
| [9876] Apache HTTP Server cgi/cgid request could disclose the path to a requested script
| [9875] Apache HTTP Server .var file request could disclose installation path
| [9863] Apache Tomcat web.xml file could allow a remote attacker to bypass restrictions
| [9808] Apache HTTP Server non-Unix version URL encoded directory traversal
| [9623] Apache HTTP Server ap_log_rerror() path disclosure
| [9520] Apache Tomcat /servlet/ mapping cross-site scripting
| [9415] Apache HTTP Server mod_ssl .htaccess off-by-one buffer overflow
| [9396] Apache Tomcat null character to threads denial of service
| [9394] Apache Tomcat HTTP request for LPT9 reveals Web root path
| [9249] Apache HTTP Server chunked encoding heap buffer overflow
| [9208] Apache Tomcat sample file requests could reveal directory listing and path to Web root directory
| [8932] Apache Tomcat example class information disclosure
| [8633] Apache HTTP Server with mod_rewrite could allow an attacker to bypass directives
| [8629] Apache HTTP Server double-reverse DNS lookup spoofing
| [8589] Apache HTTP Server for Windows DOS batch file remote command execution
| [8457] Oracle9i Application Server Apache PL/SQL HTTP Location header buffer overflow
| [8455] Oracle9i Application Server default installation could allow an attacker to access certain Apache Services
| [8400] Apache HTTP Server mod_frontpage buffer overflows
| [8326] Apache HTTP Server multiple MIME headers (sioux) denial of service
| [8308] Apache "
| [8275] Apache HTTP Server with Multiviews enabled could disclose directory contents
| [8119] Apache and PHP OPTIONS request reveals "
| [8054] Apache is running on the system
| [8029] Mandrake Linux default Apache configuration could allow an attacker to browse files and directories
| [8027] Mandrake Linux default Apache configuration has remote management interface enabled
| [8026] Mandrake Linux Apache sample programs could disclose sensitive information about the server
| [7836] Apache HTTP Server log directory denial of service
| [7815] Apache for Windows "
| [7810] Apache HTTP request could result in unexpected behavior
| [7599] Apache Tomcat reveals installation path
| [7494] Apache "
| [7419] Apache Web Server could allow remote attackers to overwrite .log files
| [7363] Apache Web Server hidden HTTP requests
| [7249] Apache mod_proxy denial of service
| [7129] Linux with Apache Web server could allow an attacker to determine if a specified username exists
| [7103] Apple Mac OS X used with Apache Web server could disclose directory contents
| [7059] Apache "
| [7057] Apache "
| [7056] Apache "
| [7055] Apache "
| [7054] Apache "
| [6997] Apache Jakarta Tomcat error message may reveal information
| [6971] Apache Jakarta Tomcat may reveal JSP source code with missing HTTP protocol specification
| [6970] Apache crafted HTTP request could reveal the internal IP address
| [6921] Apache long slash path allows directory listing
| [6687] Apple Mac OS X used with Apache Web server could allow arbitrary file disclosure
| [6527] Apache Web Server for Windows and OS2 denial of service
| [6316] Apache Jakarta Tomcat may reveal JSP source code
| [6305] Apache Jakarta Tomcat directory traversal
| [5926] Linux Apache symbolic link
| [5659] Apache Web server discloses files when used with php script
| [5310] Apache mod_rewrite allows attacker to view arbitrary files
| [5204] Apache WebDAV directory listings
| [5197] Apache Web server reveals CGI script source code
| [5160] Apache Jakarta Tomcat default installation
| [5099] Trustix Secure Linux installs Apache with world writable access
| [4968] Apache Jakarta Tomcat snoop servlet gives out information which could be used in attack
| [4967] Apache Jakarta Tomcat 404 error reveals the pathname of the requested file
| [4931] Apache source.asp example file allows users to write to files
| [4575] IBM HTTP Server running Apache allows users to directory listing and file retrieval
| [4205] Apache Jakarta Tomcat delivers file contents
| [2084] Apache on Debian by default serves the /usr/doc directory
| [1630] MessageMedia UnityMail and Apache Web server MIME header flood denial of service
| [697] Apache HTTP server beck exploit
| [331] Apache cookies buffer overflow
|
| Exploit-DB - https://www.exploit-db.com:
| [31130] Apache Tomcat <= 6.0.15 Cookie Quote Handling Remote Information Disclosure Vulnerability
| [31052] Apache <= 2.2.6 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
| [30901] Apache HTTP Server 2.2.6 Windows Share PHP File Extension Mapping Information Disclosure Vulnerability
| [30835] Apache HTTP Server <= 2.2.4 413 Error HTTP Request Method Cross-Site Scripting Weakness
| [30563] Apache Tomcat <= 5.5.15 Cal2.JSP Cross-Site Scripting Vulnerability
| [30496] Apache Tomcat <= 6.0.13 Cookie Handling Quote Delimiter Session ID Disclosure
| [30495] Apache Tomcat <= 6.0.13 Host Manager Servlet Cross Site Scripting Vulnerability
| [30191] Apache MyFaces Tomahawk JSF Framework 1.1.5 Autoscroll Parameter Cross Site Scripting Vulnerability
| [30189] Apache Tomcat <= 6.0.13 JSP Example Web Applications Cross Site Scripting Vulnerability
| [30052] Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
| [29930] Apache AXIS 1.0 Non-Existent WSDL Path Information Disclosure Vulnerability
| [29859] Apache Roller OGNL Injection
| [29739] Apache HTTP Server Tomcat 5.x/6.0.x Directory Traversal Vulnerability
| [29435] Apache Tomcat 5.5.25 - CSRF Vulnerabilities
| [29316] Apache + PHP 5.x - Remote Code Execution (Multithreaded Scanner) (2)
| [29290] Apache / PHP 5.x Remote Code Execution Exploit
| [28713] Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object RCE
| [28424] Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness
| [28365] Apache 2.2.2 CGI Script Source Code Information Disclosure Vulnerability
| [28254] Apache Tomcat 5 Information Disclosure Vulnerability
| [27915] Apache James 2.2 SMTP Denial of Service Vulnerability
| [27397] Apache suEXEC Privilege Elevation / Information Disclosure
| [27135] Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
| [27096] Apache Geronimo 1.0 Error Page XSS
| [27095] Apache Tomcat / Geronimo 1.0 Sample Script cal2.jsp time Parameter XSS
| [26710] Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
| [26542] Apache Struts 1.2.7 Error Response Cross-Site Scripting Vulnerability
| [25986] Plesk Apache Zeroday Remote Exploit
| [25980] Apache Struts includeParams Remote Code Execution
| [25625] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (2)
| [25624] Apache 1.3.x HTDigest Realm Command Line Argument Buffer Overflow Vulnerability (1)
| [24874] Apache Struts ParametersInterceptor Remote Code Execution
| [24744] Apache Rave 0.11 - 0.20 - User Information Disclosure
| [24694] Apache 1.3.x mod_include Local Buffer Overflow Vulnerability
| [24590] Apache 2.0.x mod_ssl Remote Denial of Service Vulnerability
| [23751] Apache Cygwin 1.3.x/2.0.x Directory Traversal Vulnerability
| [23581] Apache 2.0.4x mod_perl Module File Descriptor Leakage Vulnerability
| [23482] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (2)
| [23481] Apache 2.0.4x mod_php Module File Descriptor Leakage Vulnerability (1)
| [23296] Red Hat Apache 2.0.40 Directory Index Default Configuration Error
| [23282] apache cocoon 2.14/2.2 - Directory Traversal vulnerability
| [23245] Apache Tomcat 4.0.x Non-HTTP Request Denial of Service Vulnerability
| [23119] Apache::Gallery 0.4/0.5/0.6 Insecure Local File Storage Privilege Escalation Vulnerability
| [22505] Apache Mod_Access_Referer 1.0.2 NULL Pointer Dereference Denial of Service Vulnerability
| [22205] Apache Tomcat 3.x Null Byte Directory/File Disclosure Vulnerability
| [22191] Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability
| [22068] Apache 1.3.x,Tomcat 4.0.x/4.1.x Mod_JK Chunked Encoding Denial of Service Vulnerability
| [21885] Apache 1.3/2.0.x Server Side Include Cross Site Scripting Vulnerability
| [21882] Apache Tomcat 3.2 Directory Disclosure Vulnerability
| [21854] Apache 2.0.39/40 Oversized STDERR Buffer Denial of Service Vulnerability
| [21853] Apache Tomcat 3/4 DefaultServlet File Disclosure Vulnerability
| [21734] Apache Tomcat 4.1 JSP Request Cross Site Scripting Vulnerability
| [21719] Apache 2.0 Path Disclosure Vulnerability
| [21697] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
| [21605] Apache Tomcat 4.0.3 DoS Device Name Cross Site Scripting Vulnerability
| [21604] Apache Tomcat 4.0.3 Servlet Mapping Cross Site Scripting Vulnerability
| [21560] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (2)
| [21559] Apache 1.x/2.0.x Chunked-Encoding Memory Corruption Vulnerability (1)
| [21534] Apache Tomcat 3/4 JSP Engine Denial of Service Vulnerability
| [21492] Apache Tomcat 3.2.3/3.2.4 RealPath.JSP Malformed Request Information Disclosure
| [21491] Apache Tomcat 3.2.3/3.2.4 Example Files Web Root Path Disclosure
| [21490] Apache Tomcat 3.2.3/3.2.4 Source.JSP Malformed Request Information Disclosure
| [21412] Apache Tomcat 4.0/4.1 Servlet Path Disclosure Vulnerability
| [21350] Apache Win32 1.3.x/2.0.x Batch File Remote Command Execution Vulnerability
| [21204] Apache 1.3.20 Win32 PHP.EXE Remote File Disclosure Vulnerability
| [21112] Red Hat Linux 7.0 Apache Remote Username Enumeration Vulnerability
| [21067] Apache 1.0/1.2/1.3 Server Address Disclosure Vulnerability
| [21002] Apache 1.3 Possible Directory Index Disclosure Vulnerability
| [20911] Apache 1.3.14 Mac File Protection Bypass Vulnerability
| [20716] apache tomcat 3.0 - Directory Traversal vulnerability
| [20695] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (4)
| [20694] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (3)
| [20693] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (2)
| [20692] Apache 1.3 Artificially Long Slash Path Directory Listing Vulnerability (1)
| [20595] NCSA 1.3/1.4.x/1.5,Apache httpd 0.8.11/0.8.14 ScriptAlias Source Retrieval Vulnerability
| [20558] Apache 1.2 Web Server DoS Vulnerability
| [20466] Apache 1.3 Web Server with Php 3 File Disclosure Vulnerability
| [20435] Apache 0.8.x/1.0.x,NCSA httpd 1.x test-cgi Directory Listing Vulnerability
| [20272] Apache 1.2.5/1.3.1,UnityMail 2.0 MIME Header DoS Vulnerability
| [20210] Apache 1.3.12 WebDAV Directory Listings Vulnerability
| [20131] Apache Tomcat 3.1 Path Revealing Vulnerability
| [19975] Apache 1.3.6/1.3.9/1.3.11/1.3.12/1.3.20 Root Directory Access Vulnerability
| [19828] Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability
| [19536] Apache <= 1.1,NCSA httpd <= 1.5.2,Netscape Server 1.12/1.1/2.0 a nph-test-cgi Vulnerability
| [19231] PHP apache_request_headers Function Buffer Overflow
| [18984] Apache Struts <= 2.2.1.1 - Remote Command Execution
| [18897] Oracle Weblogic Apache Connector POST Request Buffer Overflow
| [18619] Apache Tomcat Remote Exploit (PUT Request) and Account Scanner
| [18452] Apache Struts Multiple Persistent Cross-Site Scripting Vulnerabilities
| [18442] Apache httpOnly Cookie Disclosure
| [18329] Apache Struts2 <= 2.3.1 - Multiple Vulnerabilities
| [18221] Apache HTTP Server Denial of Service
| [17969] Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
| [17696] Apache httpd Remote Denial of Service (memory exhaustion)
| [17691] Apache Struts < 2.2.0 - Remote Command Execution
| [16798] Apache mod_jk 1.2.20 Buffer Overflow
| [16782] Apache Win32 Chunked Encoding
| [16752] Apache module mod_rewrite LDAP protocol Buffer Overflow
| [16317] Apache Tomcat Manager Application Deployer Authenticated Code Execution
| [15710] Apache Archiva 1.0 - 1.3.1 CSRF Vulnerability
| [15319] Apache 2.2 (Windows) Local Denial of Service
| [14617] Apache JackRabbit 2.0.0 webapp XPath Injection
| [14489] Apache Tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
| [12721] Apache Axis2 1.4.1 - Local File Inclusion Vulnerability
| [12689] Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
| [12343] Apache Tomcat 5.5.0 to 5.5.29 & 6.0.0 to 6.0.26 - Information Disclosure Vulnerability
| [12330] Apache OFBiz - Multiple XSS
| [12264] Apache OFBiz - FULLADMIN Creator PoC Payload
| [12263] Apache OFBiz - SQL Remote Execution PoC Payload
| [11662] Apache Spamassassin Milter Plugin Remote Root Command Execution
| [11650] Apache 2.2.14 mod_isapi Dangling Pointer Remote SYSTEM Exploit
| [10811] Joomla.Tutorials GHDB: Apache directory listing Download Vulnerability
| [10292] Apache Tomcat 3.2.1 - 404 Error Page Cross Site Scripting Vulnerability
| [9995] Apache Tomcat Form Authentication Username Enumeration Weakness
| [9994] Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
| [9993] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [8842] Apache mod_dav / svn Remote Denial of Service Exploit
| [8458] Apache Geronimo <= 2.1.3 - Multiple Directory Traversal Vulnerabilities
| [7264] Apache Tomcat runtime.getRuntime().exec() Privilege Escalation (win)
10934| [6229] apache tomcat < 6.0.18 utf8 - Directory Traversal vulnerability
10935| [6100] Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32)
10936| [6089] Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit
10937| [5386] Apache Tomcat Connector jk2-2.0.2 (mod_jk2) Remote Overflow Exploit
10938| [5330] Apache 2.0 mod_jk2 2.0.2 - Remote Buffer Overflow Exploit (win32)
10939| [4552] Apache Tomcat (webdav) Remote File Disclosure Exploit (ssl support)
10940| [4530] Apache Tomcat (webdav) Remote File Disclosure Exploit
10941| [4162] Apache Tomcat Connector (mod_jk) Remote Exploit (exec-shield)
10942| [4093] Apache mod_jk 1.2.19/1.2.20 Remote Buffer Overflow Exploit
10943| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
10944| [3680] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32)
10945| [3384] Ubuntu/Debian Apache 1.3.33/1.3.34 (CGI TTY) Local Root Exploit
10946| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
10947| [2061] Apache Tomcat < 5.5.17 Remote Directory Listing Vulnerability
10948| [1056] Apache <= 2.0.49 Arbitrary Long HTTP Headers Denial of Service
10949| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
10950| [764] Apache OpenSSL - Remote Exploit (Multiple Targets) (OpenFuckV2.c)
10951| [587] Apache <= 1.3.31 mod_include Local Buffer Overflow Exploit
10952| [466] htpasswd Apache 1.3.31 - Local Exploit
10953| [371] Apache HTTPd Arbitrary Long HTTP Headers DoS (c version)
10954| [360] Apache HTTPd Arbitrary Long HTTP Headers DoS
10955| [132] Apache 1.3.x - 2.0.48 - mod_userdir Remote Users Disclosure Exploit
10956| [126] Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit
10957| [67] Apache 1.3.x mod_mylo Remote Code Execution Exploit
10958| [38] Apache <= 2.0.45 APR Remote Exploit -Apache-Knacker.pl
10959| [34] Webfroot Shoutbox < 2.32 (Apache) Remote Exploit
10960| [11] Apache <= 2.0.44 Linux Remote Denial of Service Exploit
10961| [9] Apache HTTP Server 2.x Memory Leak Exploit
10962|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902924] Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability
| [902837] PHP 'apache_request_headers()' Function Buffer Overflow Vulnerability (Windows)
| [902830] Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
| [902664] Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
| [901203] Apache httpd Web Server Range Header Denial of Service Vulnerability
| [901110] Apache ActiveMQ Source Code Information Disclosure Vulnerability
| [901105] Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
| [900842] Apache 'mod_proxy_ftp' Module Command Injection Vulnerability (Linux)
| [900841] Apache 'mod_proxy_ftp' Module Denial Of Service Vulnerability (Linux)
| [900573] Apache APR-Utils XML Parser Denial of Service Vulnerability
| [900572] Apache APR-Utils Multiple Denial of Service Vulnerabilities
| [900571] Apache APR-Utils Version Detection
| [900499] Apache mod_proxy_ajp Information Disclosure Vulnerability
| [900496] Apache Tiles Multiple XSS Vulnerability
| [900493] Apache Tiles Version Detection
| [900107] Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
| [900021] Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
| [880086] CentOS Update for apache CESA-2008:0004-01 centos2 i386
| [870175] RedHat Update for apache RHSA-2008:0004-01
| [864591] Fedora Update for apache-poi FEDORA-2012-10835
| [864383] Fedora Update for apache-commons-compress FEDORA-2012-8428
| [864280] Fedora Update for apache-commons-compress FEDORA-2012-8465
| [864250] Fedora Update for apache-poi FEDORA-2012-7683
| [864249] Fedora Update for apache-poi FEDORA-2012-7686
| [863993] Fedora Update for apache-commons-daemon FEDORA-2011-10880
| [863466] Fedora Update for apache-commons-daemon FEDORA-2011-10936
| [855821] Solaris Update for Apache 1.3 122912-19
| [855812] Solaris Update for Apache 1.3 122911-19
| [855737] Solaris Update for Apache 1.3 122911-17
| [855731] Solaris Update for Apache 1.3 122912-17
| [855695] Solaris Update for Apache 1.3 122911-16
| [855645] Solaris Update for Apache 1.3 122912-16
| [855587] Solaris Update for kernel update and Apache 108529-29
| [855566] Solaris Update for Apache 116973-07
| [855531] Solaris Update for Apache 116974-07
| [855524] Solaris Update for Apache 2 120544-14
| [855494] Solaris Update for Apache 1.3 122911-15
| [855478] Solaris Update for Apache Security 114145-11
| [855472] Solaris Update for Apache Security 113146-12
| [855179] Solaris Update for Apache 1.3 122912-15
| [855147] Solaris Update for kernel update and Apache 108528-29
| [855077] Solaris Update for Apache 2 120543-14
| [850196] SuSE Update for apache2 openSUSE-SU-2012:0314-1 (apache2)
| [850088] SuSE Update for apache2 SUSE-SA:2007:061
| [850009] SuSE Update for apache2,apache SUSE-SA:2008:021
| [841209] Ubuntu Update for apache2 USN-1627-1
| [840900] Ubuntu Update for apache2 USN-1368-1
| [840798] Ubuntu Update for apache2 USN-1259-1
| [840734] Ubuntu Update for apache2 USN-1199-1
| [840542] Ubuntu Update for apache2 vulnerabilities USN-1021-1
| [840504] Ubuntu Update for apache2 vulnerability USN-990-2
| [840399] Ubuntu Update for apache2 vulnerabilities USN-908-1
| [840304] Ubuntu Update for apache2 vulnerabilities USN-575-1
| [840118] Ubuntu Update for libapache2-mod-perl2 vulnerability USN-488-1
| [840092] Ubuntu Update for apache2 vulnerabilities USN-499-1
| [840039] Ubuntu Update for libapache2-mod-python vulnerability USN-430-1
| [835253] HP-UX Update for Apache Web Server HPSBUX02645
| [835247] HP-UX Update for Apache-based Web Server HPSBUX02612
| [835243] HP-UX Update for Apache Running Tomcat Servlet Engine HPSBUX02579
| [835236] HP-UX Update for Apache with PHP HPSBUX02543
| [835233] HP-UX Update for Apache-based Web Server HPSBUX02531
| [835224] HP-UX Update for Apache-based Web Server HPSBUX02465
| [835200] HP-UX Update for Apache Web Server Suite HPSBUX02431
| [835190] HP-UX Update for Apache Web Server Suite HPSBUX02401
| [835188] HP-UX Update for Apache HPSBUX02308
| [835181] HP-UX Update for Apache With PHP HPSBUX02332
| [835180] HP-UX Update for Apache with PHP HPSBUX02342
| [835172] HP-UX Update for Apache HPSBUX02365
| [835168] HP-UX Update for Apache HPSBUX02313
| [835148] HP-UX Update for Apache HPSBUX01064
| [835139] HP-UX Update for Apache with PHP HPSBUX01090
| [835131] HP-UX Update for Apache HPSBUX00256
| [835119] HP-UX Update for Apache Remote Execution of Arbitrary Code HPSBUX02186
| [835104] HP-UX Update for Apache HPSBUX00224
| [835103] HP-UX Update for Apache mod_cgid HPSBUX00301
| [835101] HP-UX Update for Apache HPSBUX01232
| [835080] HP-UX Update for Apache HPSBUX02273
| [835078] HP-UX Update for ApacheStrong HPSBUX00255
| [835044] HP-UX Update for Apache HPSBUX01019
| [835040] HP-UX Update for Apache PHP HPSBUX00207
| [835025] HP-UX Update for Apache HPSBUX00197
| [835023] HP-UX Update for Apache HPSBUX01022
| [835022] HP-UX Update for Apache HPSBUX02292
| [835005] HP-UX Update for Apache HPSBUX02262
| [831759] Mandriva Update for apache-mod_security MDVSA-2012:182 (apache-mod_security)
| [831737] Mandriva Update for apache MDVSA-2012:154-1 (apache)
| [831534] Mandriva Update for apache MDVSA-2012:012 (apache)
| [831523] Mandriva Update for apache MDVSA-2012:003 (apache)
| [831491] Mandriva Update for apache MDVSA-2011:168 (apache)
| [831460] Mandriva Update for apache MDVSA-2011:144 (apache)
| [831449] Mandriva Update for apache MDVSA-2011:130 (apache)
| [831357] Mandriva Update for apache MDVSA-2011:057 (apache)
| [831132] Mandriva Update for apache MDVSA-2010:153 (apache)
| [831131] Mandriva Update for apache MDVSA-2010:152 (apache)
| [830989] Mandriva Update for apache-mod_auth_shadow MDVSA-2010:081 (apache-mod_auth_shadow)
| [830931] Mandriva Update for apache MDVSA-2010:057 (apache)
| [830926] Mandriva Update for apache MDVSA-2010:053 (apache)
| [830918] Mandriva Update for apache-mod_security MDVSA-2010:050 (apache-mod_security)
| [830799] Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
| [830797] Mandriva Update for apache-conf MDVSA-2009:300-1 (apache-conf)
| [830791] Mandriva Update for apache-conf MDVA-2010:011 (apache-conf)
| [830652] Mandriva Update for apache MDVSA-2008:195 (apache)
| [830621] Mandriva Update for apache-conf MDVA-2008:129 (apache-conf)
| [830581] Mandriva Update for apache MDVSA-2008:016 (apache)
| [830294] Mandriva Update for apache MDKSA-2007:140 (apache)
| [830196] Mandriva Update for apache MDKSA-2007:235 (apache)
| [830112] Mandriva Update for apache MDKSA-2007:127 (apache)
| [830109] Mandriva Update for apache-mod_perl MDKSA-2007:083 (apache-mod_perl)
| [802425] Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
| [802423] Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
| [802422] Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
| [802415] Apache Tomcat Multiple Security Bypass Vulnerabilities (Win)
| [802385] Apache Tomcat Request Object Security Bypass Vulnerability (Win)
| [802384] Apache Tomcat Parameter Handling Denial of Service Vulnerability (Win)
| [802378] Apache Tomcat Hash Collision Denial Of Service Vulnerability
| [801942] Apache Archiva Multiple Vulnerabilities
| [801940] Apache Struts2 'XWork' Information Disclosure Vulnerability
| [801663] Apache Struts2/XWork Remote Command Execution Vulnerability
| [801521] Apache APR-util 'buckets/apr_brigade.c' Denial Of Service Vulnerability
| [801284] Apache Derby Information Disclosure Vulnerability
| [801203] Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
| [800837] Apache 'mod_deflate' Denial Of Service Vulnerability - July09
| [800827] Apache 'mod_proxy_http.c' Denial Of Service Vulnerability
| [800680] Apache APR Version Detection
| [800679] Apache APR and APR-util Multiple Integer Overflow Vulnerabilities
| [800678] Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
| [800677] Apache Roller Version Detection
| [800279] Apache mod_jk Module Version Detection
| [800278] Apache Struts Cross Site Scripting Vulnerability
| [800277] Apache Tomcat mod_jk Information Disclosure Vulnerability
| [800276] Apache Struts Version Detection
| [800271] Apache Struts Directory Traversal Vulnerability
| [800024] Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
| [103333] Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability
| [103293] Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
| [103122] Apache Web Server ETag Header Information Disclosure Weakness
| [103074] Apache Continuum Cross Site Scripting Vulnerability
| [103073] Apache Continuum Detection
| [103053] Apache CouchDB Web Administration Interface Cross Site Scripting Vulnerability
| [101023] Apache Open For Business Weak Password security check
| [101020] Apache Open For Business HTML injection vulnerability
| [101019] Apache Open For Business service detection
| [100924] Apache Archiva Cross Site Request Forgery Vulnerability
| [100923] Apache Archiva Detection
| [100858] Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
| [100814] Apache Axis2 Document Type Declaration Processing Security Vulnerability
| [100813] Apache Axis2 Detection
| [100797] Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
| [100795] Apache Derby Detection
| [100762] Apache CouchDB Cross Site Request Forgery Vulnerability
| [100725] Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
| [100613] Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
| [100514] Apache Multiple Security Vulnerabilities
| [100211] Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
| [100172] Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
| [100171] Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability
| [100130] Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
| [72626] Debian Security Advisory DSA 2579-1 (apache2)
| [72612] FreeBSD Ports: apache22
| [71551] Gentoo Security Advisory GLSA 201206-25 (apache)
| [71550] Gentoo Security Advisory GLSA 201206-24 (apache tomcat)
| [71512] FreeBSD Ports: apache
| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
| [71256] Debian Security Advisory DSA 2452-1 (apache2)
| [71238] Debian Security Advisory DSA 2436-1 (libapache2-mod-fcgid)
| [70737] FreeBSD Ports: apache
| [70724] Debian Security Advisory DSA 2405-1 (apache2)
| [70600] FreeBSD Ports: apache
| [70253] FreeBSD Ports: apache, apache-event, apache-itk, apache-peruser, apache-worker
| [70235] Debian Security Advisory DSA 2298-2 (apache2)
| [70233] Debian Security Advisory DSA 2298-1 (apache2)
| [69988] Debian Security Advisory DSA 2279-1 (libapache2-mod-authnz-external)
| [69338] Debian Security Advisory DSA 2202-1 (apache2)
| [67868] FreeBSD Ports: apache
| [66816] FreeBSD Ports: apache
| [66553] Mandriva Security Advisory MDVSA-2009:189-1 (apache-mod_auth_mysql)
| [66414] Mandriva Security Advisory MDVSA-2009:323 (apache)
| [66106] SuSE Security Advisory SUSE-SA:2009:050 (apache2,libapr1)
| [66081] SLES11: Security update for Apache 2
| [66074] SLES10: Security update for Apache 2
| [66070] SLES9: Security update for Apache 2
| [65998] SLES10: Security update for apache2-mod_python
| [65893] SLES10: Security update for Apache 2
| [65888] SLES10: Security update for Apache 2
| [65575] SLES9: Security update for apache2,apache2-prefork,apache2-worker
| [65510] SLES9: Security update for Apache 2
| [65472] SLES9: Security update for Apache
| [65467] SLES9: Security update for Apache
| [65450] SLES9: Security update for apache2
| [65390] SLES9: Security update for Apache2
| [65363] SLES9: Security update for Apache2
| [65309] SLES9: Security update for Apache and mod_ssl
| [65296] SLES9: Security update for webdav apache module
| [65283] SLES9: Security update for Apache2
| [65249] SLES9: Security update for Apache 2
| [65230] SLES9: Security update for Apache 2
| [65228] SLES9: Security update for Apache 2
| [65212] SLES9: Security update for apache2-mod_python
| [65209] SLES9: Security update for apache2-worker
| [65207] SLES9: Security update for Apache 2
| [65168] SLES9: Security update for apache2-mod_python
| [65142] SLES9: Security update for Apache2
| [65136] SLES9: Security update for Apache 2
| [65132] SLES9: Security update for apache
| [65131] SLES9: Security update for Apache 2 oes/CORE
| [65113] SLES9: Security update for apache2
| [65072] SLES9: Security update for apache and mod_ssl
| [65017] SLES9: Security update for Apache 2
| [64950] Mandrake Security Advisory MDVSA-2009:240 (apache)
| [64783] FreeBSD Ports: apache
| [64774] Ubuntu USN-802-2 (apache2)
| [64653] Ubuntu USN-813-2 (apache2)
| [64559] Debian Security Advisory DSA 1834-2 (apache2)
| [64532] Mandrake Security Advisory MDVSA-2009:189 (apache-mod_auth_mysql)
| [64527] Mandrake Security Advisory MDVSA-2009:184 (apache-mod_security)
| [64526] Mandrake Security Advisory MDVSA-2009:183 (apache-mod_security)
| [64500] Mandrake Security Advisory MDVSA-2009:168 (apache)
| [64443] Ubuntu USN-802-1 (apache2)
| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
| [64423] Debian Security Advisory DSA 1834-1 (apache2)
| [64391] Mandrake Security Advisory MDVSA-2009:149 (apache)
| [64377] Mandrake Security Advisory MDVSA-2009:124-1 (apache)
| [64251] Debian Security Advisory DSA 1816-1 (apache2)
| [64201] Ubuntu USN-787-1 (apache2)
| [64140] Mandrake Security Advisory MDVSA-2009:124 (apache)
| [64136] Mandrake Security Advisory MDVSA-2009:102 (apache)
| [63565] FreeBSD Ports: apache
| [63562] Ubuntu USN-731-1 (apache2)
| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
| [61185] FreeBSD Ports: apache
| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
| [60387] Slackware Advisory SSA:2008-045-02 apache
| [58826] FreeBSD Ports: apache-tomcat
| [58825] FreeBSD Ports: apache-tomcat
| [58804] FreeBSD Ports: apache
| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
| [58360] Debian Security Advisory DSA 1312-1 (libapache-mod-jk)
| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
| [57788] Debian Security Advisory DSA 1247-1 (libapache-mod-auth-kerb)
| [57335] Debian Security Advisory DSA 1167-1 (apache)
| [57201] Debian Security Advisory DSA 1131-1 (apache)
| [57200] Debian Security Advisory DSA 1132-1 (apache2)
| [57168] Slackware Advisory SSA:2006-209-01 Apache httpd
| [57145] FreeBSD Ports: apache
| [56731] Slackware Advisory SSA:2006-129-01 Apache httpd
| [56729] Slackware Advisory SSA:2006-130-01 Apache httpd redux
| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
| [56212] Debian Security Advisory DSA 952-1 (libapache-auth-ldap)
| [56115] Debian Security Advisory DSA 935-1 (libapache2-mod-auth-pgsql)
| [56067] FreeBSD Ports: apache
| [55803] Slackware Advisory SSA:2005-310-04 apache
| [55519] Debian Security Advisory DSA 839-1 (apachetop)
| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
| [55355] FreeBSD Ports: apache
| [55284] Debian Security Advisory DSA 807-1 (libapache-mod-ssl)
| [55261] Debian Security Advisory DSA 805-1 (apache2)
| [55259] Debian Security Advisory DSA 803-1 (apache)
| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
| [54439] FreeBSD Ports: apache
| [53931] Slackware Advisory SSA:2004-133-01 apache
| [53903] Slackware Advisory SSA:2004-299-01 apache, mod_ssl, php
| [53902] Slackware Advisory SSA:2004-305-01 apache+mod_ssl
| [53878] Slackware Advisory SSA:2003-308-01 apache security update
| [53851] Debian Security Advisory DSA 135-1 (libapache-mod-ssl)
| [53849] Debian Security Advisory DSA 132-1 (apache-ssl)
| [53848] Debian Security Advisory DSA 131-1 (apache)
| [53784] Debian Security Advisory DSA 021-1 (apache)
| [53738] Debian Security Advisory DSA 195-1 (apache-perl)
| [53737] Debian Security Advisory DSA 188-1 (apache-ssl)
| [53735] Debian Security Advisory DSA 187-1 (apache)
| [53703] Debian Security Advisory DSA 532-1 (libapache-mod-ssl)
| [53577] Debian Security Advisory DSA 120-1 (libapache-mod-ssl, apache-ssl)
| [53568] Debian Security Advisory DSA 067-1 (apache,apache-ssl)
| [53519] Debian Security Advisory DSA 689-1 (libapache-mod-python)
| [53433] Debian Security Advisory DSA 181-1 (libapache-mod-ssl)
| [53282] Debian Security Advisory DSA 594-1 (apache)
| [53248] Debian Security Advisory DSA 558-1 (libapache-mod-dav)
| [53224] Debian Security Advisory DSA 532-2 (libapache-mod-ssl)
| [53215] Debian Security Advisory DSA 525-1 (apache)
| [53151] Debian Security Advisory DSA 452-1 (libapache-mod-python)
| [52529] FreeBSD Ports: apache+ssl
| [52501] FreeBSD Ports: apache
| [52461] FreeBSD Ports: apache
| [52390] FreeBSD Ports: apache
| [52389] FreeBSD Ports: apache
| [52388] FreeBSD Ports: apache
| [52383] FreeBSD Ports: apache
| [52339] FreeBSD Ports: apache+mod_ssl
| [52331] FreeBSD Ports: apache
| [52329] FreeBSD Ports: ru-apache+mod_ssl
| [52314] FreeBSD Ports: apache
| [52310] FreeBSD Ports: apache
| [15588] Detect Apache HTTPS
| [15555] Apache mod_proxy content-length buffer overflow
| [15554] Apache mod_include priviledge escalation
| [14771] Apache <= 1.3.33 htpasswd local overflow
| [14177] Apache mod_access rule bypass
| [13644] Apache mod_rootme Backdoor
| [12293] Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
| [12280] Apache Connection Blocking Denial of Service
| [12239] Apache Error Log Escape Sequence Injection
| [12123] Apache Tomcat source.jsp malformed request information disclosure
| [12085] Apache Tomcat servlet/JSP container default files
| [11438] Apache Tomcat Directory Listing and File disclosure
| [11204] Apache Tomcat Default Accounts
| [11092] Apache 2.0.39 Win32 directory traversal
| [11046] Apache Tomcat TroubleShooter Servlet Installed
| [11042] Apache Tomcat DOS Device Name XSS
| [11041] Apache Tomcat /servlet Cross Site Scripting
| [10938] Apache Remote Command Execution via .bat files
| [10839] PHP.EXE / Apache Win32 Arbitrary File Reading Vulnerability
| [10773] MacOS X Finder reveals contents of Apache Web files
| [10766] Apache UserDir Sensitive Information Disclosure
| [10756] MacOS X Finder reveals contents of Apache Web directories
| [10752] Apache Auth Module SQL Insertion Attack
| [10704] Apache Directory Listing
| [10678] Apache /server-info accessible
| [10677] Apache /server-status accessible
| [10440] Check for Apache Multiple / vulnerability
|
11296| SecurityTracker - https://www.securitytracker.com:
11297| [1028865] Apache Struts Bugs Permit Remote Code Execution and URL Redirection Attacks
11298| [1028864] Apache Struts Wildcard Matching and Expression Evaluation Bugs Let Remote Users Execute Arbitrary Code
11299| [1028824] Apache mod_dav_svn URI Processing Flaw Lets Remote Users Deny Service
11300| [1028823] Apache Unspecified Flaw in mod_session_dbd Has Unspecified Impact
11301| [1028724] (HP Issues Fix for HP-UX) Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
11302| [1028722] (Red Hat Issues Fix for JBoss) Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
11303| [1028693] (Red Hat Issues Fix) Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
11304| [1028622] Apache Struts 'includeParams' Bugs Permit Remote Command Execution and Cross-Site Scripting Attacks
11305| [1028621] Apache Subversion Bugs Let Remote Authenticated Users Execute Arbitrary Commands and Deny Service
11306| [1028540] Apache mod_rewrite Input Validation Flaw Lets Remote Users Execute Arbitrary Commands
11307| [1028534] Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
11308| [1028533] Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
11309| [1028532] Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
11310| [1028515] Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
11311| [1028457] Apache ActiveMQ Bugs Let Remote Users Conduct Cross-Site Scripting Attacks, Deny Service, and Obtain Potentially Sensitive Information
11312| [1028287] Apache CXF WSS4JInInterceptor Grants Service Access to Remote Users
11313| [1028286] Apache CXF WS-Security UsernameToken Processing Flaw Lets Remote Users Bypass Authentication
11314| [1028252] Apache Commons FileUpload Unsafe Temporary File Lets Local Users Gain Elevated Privileges
11315| [1028207] Apache Input Validation Bugs Permit Cross-Site Scripting Attacks
11316| [1027836] Apache Tomcat Connection Processing Bug Lets Remote Users Deny Service
11317| [1027834] Apache Tomcat Bug Lets Remote Users Bypass Cross-Site Request Forgery Prevention Filter
11318| [1027833] Apache Tomcat Bug Lets Remote Users Bypass Security Constraints
11319| [1027729] Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
11320| [1027728] Apache Tomcat Lets Remote Users Conduct DIGEST Authentication Replay Attacks
11321| [1027554] Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions
11322| [1027508] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
11323| [1027421] Apache Web Server Bugs Permit Cross-Site Scripting and Information Disclosure Attacks
11324| [1027096] Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service
11325| [1026932] Apache LD_LIBRARY_PATH Processing Lets Local Users Gain Elevated Privileges
11326| [1026928] Apache OFBiz Unspecified Flaw Lets Remote Users Execute Arbitrary Code
11327| [1026927] Apache OFBiz Input Validation Flaws Permit Cross-Site Scripting Attacks
11328| [1026847] Apache Traffic Server Host Header Processing Flaw Lets Remote Users Deny Service
11329| [1026846] Apache Wicket Discloses Hidden Application Files to Remote Users
11330| [1026839] Apache Wicket Input Validation Flaw in 'wicket:pageMapName' Parameter Permits Cross-Site Scripting Attacks
11331| [1026616] Apache Bugs Let Remote Users Deny Service and Obtain Cookie Data
11332| [1026575] Apache Struts ParameterInterceptor() Flaw Lets Remote Users Execute Arbitrary Commands
11333| [1026484] Apache Struts Bug Lets Remote Users Overwrite Files and Execute Arbitrary Code
11334| [1026477] Apache Tomcat Hash Table Collision Bug Lets Remote Users Deny Service
11335| [1026402] Apache Struts Conversion Error Lets Remote Users Inject Arbitrary Commands
11336| [1026353] Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers
11337| [1026295] Apache Tomcat Lets Untrusted Web Applications Gain Elevated Privileges
11338| [1026267] Apache .htaccess File Integer Overflow Lets Local Users Execute Arbitrary Code
11339| [1026144] Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers
11340| [1026095] Apache Tomcat HTTP DIGEST Authentication Weaknesses Let Remote Users Conduct Bypass Attacks
11341| [1026054] Apache mod_proxy_ajp HTTP Processing Error Lets Remote Users Deny Service
11342| [1025993] Apache Tomcat AJP Protocol Processing Bug Lets Remote Users Bypass Authentication or Obtain Information
11343| [1025976] Apache Wicket Input Validation Flaw Permits Cross-Site Scripting Attacks
11344| [1025960] Apache httpd Byterange Filter Processing Error Lets Remote Users Deny Service
11345| [1025925] Apache Tomcat Commons Daemon jsvc Lets Local Users Gain Elevated Privileges
11346| [1025924] Apache Tomcat XML Validation Flaw Lets Applications Obtain Potentially Sensitive Information
11347| [1025788] Apache Tomcat Lets Malicious Applications Obtain Information and Deny Service
11348| [1025755] Apache Santuario Buffer Overflow Lets Remote Users Deny Service
11349| [1025712] Apache Tomcat Discloses Passwords to Local Users in Certain Cases
11350| [1025577] Apache Archiva Input Validation Hole Permits Cross-Site Scripting Attacks
11351| [1025576] Apache Archiva Request Validation Flaw Permits Cross-Site Request Forgery Attacks
11352| [1025527] Apache APR Library apr_fnmatch() Flaw Lets Remote Users Execute Arbitrary Code
11353| [1025303] Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users
11354| [1025215] Apache Tomcat May Ignore @ServletSecurity Annotation Protections
11355| [1025066] Apache Continuum Input Validation Flaw Permits Cross-Site Request Forgery Attacks
11356| [1025065] Apache Continuum Input Validation Hole Permits Cross-Site Scripting Attacks
11357| [1025027] Apache Tomcat maxHttpHeaderSize Parsing Error Lets Remote Users Deny Service
11358| [1025026] Apache Tomcat Manager Input Validation Hole Permits Cross-Site Scripting Attacks
11359| [1025025] Apache Tomcat Security Manager Lets Local Users Bypass File Permissions
11360| [1024764] Apache Tomcat Manager Input Validation Hole in 'sessionList.jsp' Permits Cross-Site Scripting Attacks
11361| [1024417] Apache Traffic Server Insufficient Randomization Lets Remote Users Poison the DNS Cache
11362| [1024332] Apache mod_cache and mod_dav Request Processing Flaw Lets Remote Users Deny Service
11363| [1024180] Apache Tomcat 'Transfer-Encoding' Header Processing Flaw Lets Remote Users Deny Service and Obtain Potentially Sensitive Information
11364| [1024096] Apache mod_proxy_http May Return Results for a Different Request
11365| [1023942] Apache mod_proxy_ajp Error Condition Lets Remote Users Deny Service
11366| [1023941] Apache ap_read_request() Memory Error May Let Remote Users Access Potentially Sensitive Information
11367| [1023778] Apache ActiveMQ Input Validation Flaw Permits Cross-Site Scripting Attacks
11368| [1023701] Apache mod_isapi Error Processing Flaw May Let Remote Users Deny Service
11369| [1023533] Apache mod_proxy Integer Overflow May Let Remote Users Execute Arbitrary Code
11370| [1022988] Apache Solaris Support Code Bug Lets Remote Users Deny Service
11371| [1022529] Apache mod_deflate Connection State Bug Lets Remote Users Deny Service
11372| [1022509] Apache mod_proxy stream_reqbody_cl() Infinite Loop Lets Remote Users Deny Service
11373| [1022296] Apache IncludesNoExec Options Restrictions Can Be Bypassed By Local Users
11374| [1022264] Apache mod_proxy_ajp Bug May Disclose Another User's Response Data
11375| [1022001] Apache Tomcat mod_jk May Disclose Responses to the Wrong User
11376| [1021988] mod_perl Input Validation Flaw in Apache::Status and Apache2::Status Permits Cross-Site Scripting Attacks
11377| [1021350] NetWare Bug Lets Remote Users Access the ApacheAdmin Console
11378| [1020635] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11379| [1020520] Oracle WebLogic Apache Connector Lets Remote Users Execute Arbitrary Code
11380| [1020267] Apache mod_proxy Interim Response Process Bug Lets Remote Users Deny Service
11381| [1019784] Apache-SSL Certificate Processing Bug May Let Remote Users View Portions of Kernel Memory
11382| [1019256] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
11383| [1019194] Apache Input Validation Hole in Mod_AutoIndex When the Character Set is Undefined May Permit Cross-Site Scripting Attacks
11384| [1019185] Apache Input Validation Hole in mod_proxy_ftp Permits Cross-Site Scripting Attacks
11385| [1019154] Apache Input Validation Hole in mod_status Permits Cross-Site Scripting Attacks
11386| [1019093] Apache Input Validation Hole in mod_imap Permits Cross-Site Scripting Attacks
11387| [1019030] Apache Input Validation Hole in Default HTTP 413 Error Page Permits Cross-Site Scripting Attacks
11388| [1018633] Apache mod_proxy Bug Lets Remote Users Deny Service
11389| [1018304] Apache HTTPD scoreboard Protection Flaw Lets Local Users Terminate Arbitrary Processes
11390| [1018303] Apache HTTPD mod_cache May Let Remote Users Deny Service
11391| [1018302] Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks
11392| [1018269] Apache Tomcat Input Validation Hole in Processing Accept-Language Header Permits Cross-Site Scripting Attacks
11393| [1017904] Apache suEXEC Bugs May Let Local Users Gain Elevated Privileges
11394| [1017719] Apache Tomcat JK Web Server Connector Buffer Overflow in map_uri_to_worker() Lets Remote Users Execute Arbitrary Code
11395| [1017062] Apache mod_tcl Format String Bug in set_var() Function May Let Remote Users Execute Arbitrary Code
11396| [1016601] Apache mod_rewrite Off-by-one Error Lets Remote Users Execute Arbitrary Code
11397| [1016576] Apache Tomcat Discloses Directory Listings to Remote Users
11398| [1015447] Apache mod_ssl Null Pointer Dereference May Let Remote Users Deny Service
11399| [1015344] Apache mod_imap Input Validation Flaw in Referer Field Lets Remote Users Conduct Cross-Site Scripting Attacks
11400| [1015093] Apache Memory Leak in MPM 'worker.c' Code May Let Remote Users Deny Service
11401| [1014996] ApacheTop Unsafe Temporary File May Let Local Users Gain Elevated Privileges
11402| [1014833] Apache ssl_hook_Access() Function May Fail to Verify Client Certificates
11403| [1014826] Apache Memory Leak in 'byterange filter' Lets Remote Users Deny Service
11404| [1014575] Apache mod_ssl Off-by-one Buffer Overflow in Processing CRLs May Let Remote Users Deny Service
11405| [1014323] Apache Chunked Transfer-Encoding and Content-Length Processing Lets Remote Users Smuggle HTTP Requests
11406| [1013156] Apache mod_python Publisher Handler Discloses Information to Remote Users
11407| [1012829] Apache mod_auth_radius radcpy() Integer Overflow Lets Remote Users Deny Service in Certain Cases
11408| [1012416] Apache on Apple OS X Lets Remote Users Bypass Apache File Handlers and Directly Access Files
11409| [1012415] Apache on Apple HFS+ Filesystems May Disclose '.DS_Store' Files to Remote Users
11410| [1012414] Apache mod_digest_apple Lets Remote Users Replay Authentication Credentials
11411| [1012083] Apache Web Server Error in Processing Requests With Many Space Characters Lets Remote Users Deny Service
11412| [1011783] Apache mod_include Buffer Overflow Lets Local Users Execute Arbitrary Code
11413| [1011557] Apache mod_ssl SSLCipherSuite Directive Can Be Bypassed in Certain Cases
11414| [1011385] Apache Satisfy Directive Error May Let Remote Users Access Restricted Resources
11415| [1011340] Apache SSL Connection Abort State Error Lets Remote Users Deny Service
11416| [1011303] Apache ap_resolve_env() Buffer Overflow in Reading Configuration Files May Let Local Users Gain Elevated Privileges
11417| [1011299] Apache IPv6 Address Parsing Flaw May Let Remote Users Deny Service
11418| [1011248] Apache mod_dav LOCK Method Error May Let Remote Users Deny Service
11419| [1011213] Apache mod_ssl Can Be Crashed By Remote Users When Reverse Proxying SSL Connections
11420| [1010674] Apache Can Be Crashed By PHP Code Invoking Nested Remote Sockets
11421| [1010599] Apache httpd Header Line Memory Allocation Lets Remote Users Crash the Server
11422| [1010462] Apache mod_proxy Buffer Overflow May Let Remote Users Execute Arbitrary Code
11423| [1010322] Apache mod_ssl Stack Overflow in ssl_util_uuencode_binary() May Let Remote Users Execute Arbitrary Code
11424| [1010270] cPanel Apache mod_phpsuexec Options Let Local Users Gain Elevated Privileges
11425| [1009934] Apache Web Server Has Buffer Overflow in ebcdic2ascii() on Older Processor Architectures
11426| [1009516] Apache mod_survey HTML Report Format Lets Remote Users Conduct Cross-Site Scripting Attacks
11427| [1009509] Apache mod_disk_cache Stores Authentication Credentials on Disk
11428| [1009495] Apache Web Server Socket Starvation Flaw May Let Remote Users Deny Service
11429| [1009417] GroupWise WebAccess With Apache on NetWare Has Configuration Flaw That May Grant Web Access to Remote Users
11430| [1009338] Apache mod_access Parsing Flaw May Fail to Enforce Allow/Deny Rules
11431| [1009337] Apache mod_ssl Memory Leak Lets Remote Users Crash the Daemon
11432| [1009182] Apache for Cygwin '..%5C' Input Validation Flaw Discloses Files to Remote Users
11433| [1008973] PHP May Apply Incorrect php_admin_* Settings To Requests for Apache Virtual Hosts
11434| [1008967] Apache-SSL 'SSLFakeBasicAuth' Lets Remote Users Forge Client Certificates to Be Authenticated
11435| [1008920] Apache mod_digest May Validate Replayed Client Responses
11436| [1008828] Apache mod_python String Processing Bug Still Lets Remote Users Crash the Web Server
11437| [1008822] Apache mod_perl File Descriptor Leak May Let Local Users Hijack the http and https Services
11438| [1008675] mod_auth_shadow Apache Module Authenticates Expired Passwords
11439| [1008559] Apache mod_php File Descriptor Leak May Let Local Users Hijack the https Service
11440| [1008335] Apache mod_python String Processing Bug Lets Remote Users Crash the Web Server
11441| [1008196] Apache 2.x on Windows May Return Unexpected Files For URLs Ending With Certain Characters
11442| [1008030] Apache mod_rewrite Contains a Buffer Overflow
11443| [1008029] Apache mod_alias Contains a Buffer Overflow
11444| [1008028] Apache mod_cgid May Disclose CGI Output to Another Client
11445| [1007995] Apache Cocoon Forms May Let Remote Users Execute Arbitrary Java Code on the System
11446| [1007993] Apache Cocoon 'view-source' Sample Script Discloses Files to Remote Users
11447| [1007823] Apache Web Server mod_cgi Error May Let Malicious CGI Scripts Crash the Web Service
11448| [1007664] Apache::Gallery Unsafe Temporary Files May Let Local Users Gain Apache Web Server Privileges
11449| [1007557] Apache Web Server Does Not Filter Terminal Escape Sequences From Log Files
11450| [1007230] Apache HTTP Server 'rotatelogs' Bug on Win32 and OS/2 May Cause the Logging to Stop
11451| [1007146] Apache HTTP Server FTP Proxy Bug May Cause Denial of Service Conditions
11452| [1007145] Apache 'accept()' Errors May Cause Denial of Service Conditions
11453| [1007144] Apache Web Server 'type-map' File Error Permits Local Denial of Service Attacks
11454| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
11455| [1006864] Apache Web Server Can Be Crashed By Remote Users Via mod_dav Flaws and Also Via Basic Authentication
11456| [1006709] Apache mod_survey Input Validation Flaw Lets Remote Users Fill Up Disk Space
11457| [1006614] Apache mod_ntlm Buffer Overflow and Format String Flaw Let Remote Users Execute Arbitrary Code
11458| [1006591] Apache mod_access_referer Module Null Pointer Dereference May Facilitate Denial of Service Attacks
11459| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
11460| [1006021] Apache Tomcat Server URL Parsing Error May Disclose Otherwise Inaccessible Web Directory Listings and Files to Remote Users
11461| [1005963] Apache Web Server 2.x Windows Device Access Flaw Lets Remote Users Crash the Server or Possibly Execute Arbitrary Code
11462| [1005962] Apache Web Server Path Parsing Flaw May Allow Remote Users to Execute Code in Certain Configurations
11463| [1005848] Apache 'printenv' Script Input Validation Bugs in Older Versions May Let Remote Users Conduct Cross-Site Scripting Attacks
11464| [1005765] Apache mod_jk Module Processing Bug When Used With Tomcat May Disclose Information to Remote Users or Crash
11465| [1005548] Apache mod_php Module May Allow Local Users to Gain Control of the Web Port
11466| [1005499] Apache Web Server (2.0.42) May Disclose CGI Source Code to Remote Users When Used With WebDAV
11467| [1005410] Apache Tomcat Java Servlet Engine Can Be Crashed Via Multiple Requests for DOS Device Names
11468| [1005351] Apache Web Server (1.3.x) Shared Memory Scoreboard Bug Lets Certain Local Users Issue Signals With Root Privileges
11469| [1005331] Apache Web Server (2.x) SSI Server Signature Filtering Hole Lets Remote Users Conduct Cross-Site Scripting Attacks
11470| [1005290] Apache Tomcat Java Server Default Servlet Returns JSP Source Code to Remote Users
11471| [1005285] Apache Web Server 'mod_dav' Has Null Pointer Bug That May Allow Remote Users to Cause Denial of Service Conditions
11472| [1005010] Apache Web Server (2.0) Has Unspecified Flaw That Allows Remote Users to Obtain Sensitive Data and Cause Denial of Service Conditions
11473| [1004770] Apache 2.x Web Server ap_log_rerror() Function May Disclose Full Installation Path to Remote Users
11474| [1004745] Apache Tomcat Java Server Allows Cross-Site Scripting Attacks
11475| [1004636] Apache mod_ssl 'Off-by-One' Bug May Let Local Users Crash the Web Server or Possibly Execute Arbitrary Code
11476| [1004602] Apache Tomcat Java Server for Windows Can Be Crashed By Remote Users Sending Malicious Requests to Hang All Available Working Threads
11477| [1004586] Apache Tomcat Java Server May Disclose the Installation Path to Remote Users
11478| [1004555] Apache Web Server Chunked Encoding Flaw May Let Remote Users Execute Arbitrary Code on the Server
11479| [1004209] Apache 'mod_python' Python Language Interpreter Bug in Publisher Handler May Allow Remote Users to Modify Files on the System
11480| [1003874] Apache Web Server for Windows Has Batch File Processing Hole That Lets Remote Users Execute Commands on the System
11481| [1003767] 'mod_frontpage' Module for Apache Web Server Has Buffer Overflow in 'fpexec.c' That Allows Remote Users to Execute Arbitrary Code on the System with Root Privileges
11482| [1003723] Apache-SSL for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11483| [1003664] 'mod_ssl' Security Package for Apache Web Server Has Buffer Overflow That Can Be Triggered By Remote Users
11484| [1003602] GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
11485| [1003465] PHP for Apache Web Server May Disclose Installation Path Information to Remote Users Making 'OPTIONS' Requests
11486| [1003451] Oracle Application Server PL/SQL Module for Apache Has Buffer Overflows That Allow Remote Users to Execute Arbitrary Code and Gain Access to the Server
11487| [1003131] Apache Web Server in Virtual Hosting Mode Can Be Crashed By a Local User Removing a Log Directory
11488| [1003104] PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
11489| [1003008] Apache 'mod_bf' Module Lets Remote Users Execute Arbitrary Code
11490| [1002629] Apache suEXEC Wrapper Fails to Observe Minimum Group ID Security Settings in Certain Situations
11491| [1002542] Apache Web Server Virtual Hosting Split-Logfile Function Lets Remote Users Write Log Entries to Arbitrary Files on the System
11492| [1002400] Apache mod_gzip Module Has Buffer Overflow That Can Be Exploited By Local Users to Gain Elevated Privileges
11493| [1002303] Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
11494| [1002188] Apache Web Server Discloses Internal IP Addresses to Remote Users in Certain Configurations
11495| [1001989] Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
11496| [1001719] Apache Web Server on Mac OS X Client Fails to Enforce File and Directory Access Protections, Giving Remote Users Access to Restricted Pages
11497| [1001572] Apache Web Server on Microsoft Windows Platforms Allows Remote Users to Crash the Web Server
11498| [1001304] Apache Web Server for Windows Lets Remote Users Crash the Web Server Application
11499| [1001083] Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
11500|
11501| OSVDB - http://www.osvdb.org:
11502| [96078] Apache CloudStack Infrastructure Menu Setup Network Multiple Field XSS
11503| [96077] Apache CloudStack Global Settings Multiple Field XSS
11504| [96076] Apache CloudStack Instances Menu Display Name Field XSS
11505| [96075] Apache CloudStack Instances Menu Add Instances Network Name Field XSS
11506| [96074] Apache CloudStack Instances Menu Add Instances Review Step Multiple Field XSS
11507| [96031] Apache HTTP Server suEXEC Symlink Arbitrary File Access
11508| [95888] Apache Archiva Single / Double Quote Character Handling XSS Weakness
11509| [95885] Apache Subversion mod_dav_svn Module Crafted HTTP Request Handling Remote DoS
11510| [95706] Apache OpenOffice.org (OOo) OOXML Document File XML Element Handling Memory Corruption
11511| [95704] Apache OpenOffice.org (OOo) DOC File PLCF Data Handling Memory Corruption
11512| [95603] Apache Continuum web/util/GenerateRecipentNotifier.java recipient Parameter XSS
11513| [95602] Apache Continuum web/action/notifier/JabberProjectNotifierEditAction-jabberProjectNotifierSave-validation.xml Multiple Parameter XSS
11514| [95601] Apache Continuum web/action/notifier/JabberGroupNotifierEditAction-jabberProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11515| [95600] Apache Continuum web/action/ScheduleAction-saveSchedule-validation.xml Multiple Parameter XSS
11516| [95599] Apache Continuum web/action/BuildDefinitionAction-saveBuildDefinition-validation.xml Multiple Parameter XSS
11517| [95598] Apache Continuum web/action/AddProjectAction-addProject-validation.xml Multiple Parameter XSS
11518| [95597] Apache Continuum web/action/ProjectEditAction-projectSave-validation.xml Multiple Parameter XSS
11519| [95596] Apache Continuum web/action/notifier/IrcGroupNotifierEditAction-ircProjectGroupNotifierSave-validation.xml Multiple Parameter XSS
11520| [95595] Apache Continuum web/action/notifier/IrcProjectNotifierEditAction-ircProjectNotifierSave-validation.xml Multiple Parameter XSS
11521| [95594] Apache Continuum web/action/ProjectGroupAction.java Multiple Parameter XSS
11522| [95593] Apache Continuum web/action/AddProjectGroupAction.java Multiple Parameter XSS
11523| [95592] Apache Continuum web/action/AddProjectAction.java Multiple Parameter XSS
11524| [95523] Apache OFBiz Webtools Application View Log Screen Unspecified XSS
11525| [95522] Apache OFBiz Nested Expression Evaluation Arbitrary UEL Function Execution
11526| [95521] Apache HTTP Server mod_session_dbd Session Saving Unspecified Issue
11527| [95498] Apache HTTP Server mod_dav.c Crafted MERGE Request Remote DoS
11528| [95406] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Arbitrary Site Redirect
11529| [95405] Apache Struts DefaultActionMapper Multiple Prefixing Parameters Remote Code Execution
11530| [95011] Apache CXF XML Parser SOAP Message Handling CPU Resource Exhaustion Remote DoS
11531| [94705] Apache Geronimo RMI Classloader Exposure Serialized Object Handling Remote Code Execution
11532| [94651] Apache Santuario (XML Security for C++) XML Signature CanonicalizationMethod Parameter Spoofing Weakness
11533| [94636] Apache Continuum workingCopy.action userDirectory Traversal Arbitrary File Access
11534| [94635] Apache Maven SCM SvnCommandlineUtils Process Listing Local Password Disclosure
11535| [94632] Apache Maven Wagon SSH (wagon-ssh) Host Verification Failure MitM Weakness
11536| [94625] Apache Santuario (XML Security for C++) XML Signature Reference Crafted XPointer Expression Handling Heap Buffer Overflow
11537| [94618] Apache Archiva /archiva/security/useredit.action username Parameter XSS
11538| [94617] Apache Archiva /archiva/security/roleedit.action name Parameter XSS
11539| [94616] Apache Archiva /archiva/security/userlist!show.action roleName Parameter XSS
11540| [94615] Apache Archiva /archiva/deleteArtifact!doDelete.action groupId Parameter XSS
11541| [94614] Apache Archiva /archiva/admin/addLegacyArtifactPath!commit.action legacyArtifactPath.path Parameter XSS
11542| [94613] Apache Archiva /archiva/admin/addRepository.action Multiple Parameter XSS
11543| [94612] Apache Archiva /archiva/admin/editAppearance.action Multiple Parameter XSS
11544| [94611] Apache Archiva /archiva/admin/addLegacyArtifactPath.action Multiple Parameter XSS
11545| [94610] Apache Archiva /archiva/admin/addNetworkProxy.action Multiple Parameter XSS
11546| [94403] Apache Santuario (XML Security for C++) InclusiveNamespace PrefixList Processing Heap Overflow
11547| [94402] Apache Santuario (XML Security for C++) HMAC-based XML Signature Processing DoS
11548| [94401] Apache Santuario (XML Security for C++) XPointer Evaluation Stack Overflow
11549| [94400] Apache Santuario (XML Security for C++) HMAC-Based XML Signature Reference Element Validation Spoofing Weakness
11550| [94279] Apache Qpid CA Certificate Validation Bypass
11551| [94275] Apache Solr JettySolrRunner.java Can Not Find Error Message XSS
11552| [94233] Apache OpenJPA Object Deserialization Arbitrary Executable Creation
11553| [94042] Apache Axis JAX-WS Java Unspecified Exposure
11554| [93969] Apache Struts OGNL Expression Handling Double Evaluation Error Remote Command Execution
11555| [93796] Apache Subversion Filename Handling FSFS Repository Corruption Remote DoS
11556| [93795] Apache Subversion svnserve Server Aborted Connection Message Handling Remote DoS
11557| [93794] Apache Subversion contrib/hook-scripts/check-mime-type.pl svnlook Hyphenated argv Argument Handling Remote DoS
11558| [93793] Apache Subversion contrib/hook-scripts/svn-keyword-check.pl Filename Handling Remote Command Execution
11559| [93646] Apache Struts Crafted Parameter Arbitrary OGNL Code Execution
11560| [93645] Apache Struts URL / Anchor Tag includeParams Attribute Remote Command Execution
11561| [93636] Apache Pig Multiple Physical Operator Memory Exhaustion Remote DoS
11562| [93635] Apache Wink DTD (Document Type Definition) Expansion Data Parsing Information Disclosure
11563| [93605] RT Apache::Session::File Session Replay Reuse Information Disclosure
11564| [93599] Apache Derby SYSCS_UTIL.SYSCS_SET_DATABASE_PROPERTY Boot Password Manipulation Re-encryption Failure Password Corruption
11565| [93555] Apache Commons Codec Invalid Base32 String Information Tunneling Weakness
11566| [93554] Apache HBase bulkLoadHFiles() Method ACL Bypass
11567| [93543] JBoss Enterprise Application Platform org.apache.catalina.connector.Response.encodeURL() Method MitM jsessionid Disclosure
11568| [93542] Apache ManifoldCF (Connectors Framework) org.apache.manifoldcf.crawler.ExportConfiguration Class Configuration Export Password Disclosure
11569| [93541] Apache Solr json.wrf Callback XSS
11570| [93524] Apache Hadoop GetSecurityDescriptorControl() Function Absolute Security Descriptor Handling NULL Descriptor Weakness
11571| [93521] Apache jUDDI Security API Token Session Persistence Weakness
11572| [93520] Apache CloudStack Default SSL Key Weakness
11573| [93519] Apache Shindig /ifr Cross-site Arbitrary Gadget Invocation
11574| [93518] Apache Solr /admin/analysis.jsp name Parameter XSS
11575| [93517] Apache CloudStack setup-cloud-management /etc/sudoers Modification Local Privilege Escalation
11576| [93516] Apache CXF UsernameTokenInterceptor Nonce Caching Replay Weakness
11577| [93515] Apache HBase table.jsp name Parameter XSS
11578| [93514] Apache CloudStack Management Server Unauthenticated Remote JMX Connection Default Setting Weakness
11579| [93463] Apache Struts EL / OGNL Interpretation Unspecified Remote Code Execution
11580| [93462] Apache CXF WS-SecurityPolicy AlgorithmSuite Arbitrary Ciphertext Decryption Weakness
11581| [93401] Apache Hadoop core-site.xml Permission Weakness Local Alfredo Secret Disclosure
11582| [93400] Apache Hadoop Map/Reduce Job Log Directory Symlink Arbitrary File Mode Manipulation
11583| [93397] Apache Wicket Referrer HTTP Header Session ID Disclosure
11584| [93366] Apache HTTP Server modules/mappers/mod_rewrite.c do_rewritelog() Function Log File Terminal Escape Sequence Filtering Remote Command Execution
11585| [93254] Apache Tomcat AsyncListener Method Cross-session Information Disclosure
11586| [93253] Apache Tomcat Chunked Transfer Encoding Data Saturation Remote DoS
11587| [93252] Apache Tomcat FORM Authenticator Session Fixation
11588| [93172] Apache Camel camel/endpoints/ Endpoint XSS
11589| [93171] Apache Sling HtmlResponse Error Message XSS
11590| [93170] Apache Directory DelegatingAuthenticator MitM Spoofing Weakness
11591| [93169] Apache Wave AuthenticationServlet.java Session Fixation Weakness
11592| [93168] Apache Click ErrorReport.java id Parameter XSS
11593| [93167] Apache ActiveMQ JMSXUserId Spoofing Weakness
11594| [93166] Apache CXF Crafted Message Element Count Handling System Resource Exhaustion Remote DoS
11595| [93165] Apache CXF Crafted Message Element Level Handling System Resource Exhaustion Remote DoS
11596| [93164] Apache Harmony DatagramSocket Class connect Method CheckAccept() IP Blacklist Bypass
11597| [93163] Apache Hadoop Map/Reduce Daemon Symlink Arbitrary File Overwrite
11598| [93162] Apache VelocityStruts struts/ErrorsTool.getMsgs Error Message XSS
11599| [93161] Apache CouchDB Rewriter VM Atom Table Memory Exhaustion Remote DoS
11600| [93158] Apache Wicket BookmarkablePageLink Feature XSS CSRF
11601| [93157] Apache Struts UrlHelper.java s:url includeParams Functionality XSS
11602| [93156] Apache Tapestry Calendar Component datefield.js datefield Parameter XSS
11603| [93155] Apache Struts fielderror.ftl fielderror Parameter Error Message XSS
11604| [93154] Apache JSPWiki Edit.jsp createPages WikiPermission Bypass
11605| [93153] Apache PDFBox PDFXrefStreamParser Missing Element Handling PDF Parsing DoS
11606| [93152] Apache Hadoop HttpServer.java Multiple Function XSS
11607| [93151] Apache Shiro Search Filter userName Parameter LDAP Code Injection Weakness
11608| [93150] Apache Harmony java.net.SocketPermission Class boolean equals Function checkConnect() Weakness Host Name Retrieval
11609| [93149] Apache Harmony java.security.Provider Class void load Function checkSecurityAccess() Weakness
11610| [93148] Apache Harmony java.security.ProtectionDomain Class java.lang.String.toString() Function checkPermission() Weakness
11611| [93147] Apache Harmony java.net.URLConnection openConnection Function checkConnect Weakness Proxy Connection Permission Bypass
11612| [93146] Apache Harmony java.net.ServerSocket Class void implAccept Function checkAccept() Weakness SerSocket Subclass Creation
11613| [93145] Apache Qpid JMS Client Detached Session Frame Handling NULL Pointer Dereference Remote DoS
11614| [93144] Apache Solr Admin Command Execution CSRF
11615| [93009] Apache VCL XMLRPC API Unspecified Function Remote Privilege Escalation
11616| [93008] Apache VCL Web GUI Unspecified Remote Privilege Escalation
11617| [92997] Apache Commons Codec org.apache.commons.codec.net.URLCodec Fields Missing 'final' Thread-safety Unspecified Issue
11618| [92976] Apache ActiveMQ scheduled.jsp crontab Command XSS
11619| [92947] Apache Commons Codec org.apache.commons.codec.language.Soundex.US_ENGLISH_MAPPING Missing MS_PKGPROTECT Field Manipulation Unspecified Issue
11620| [92749] Apache CloudStack Predictable Hash Virtual Machine Console Console Access URL Generation
11621| [92748] Apache CloudStack VM Console Access Restriction Bypass
11622| [92709] Apache ActiveMQ Web Console Unauthenticated Remote Access
11623| [92708] Apache ActiveMQ Sample Web Application Broker Resource Consumption Remote DoS
11624| [92707] Apache ActiveMQ webapp/websocket/chat.js Subscribe Message XSS
11625| [92706] Apache ActiveMQ Debug Log Rendering XSS
11626| [92705] Apache ActiveMQ PortfolioPublishServlet.java refresh Parameter XSS
11627| [92270] Apache Tomcat Unspecified CSRF
11628| [92094] Apache Subversion mod_dav_svn Module Nonexistent URL Lock Request Handling NULL Pointer Dereference Remote DoS
11629| [92093] Apache Subversion mod_dav_svn Module Activity URL PROPFIND Request Handling NULL Pointer Dereference Remote DoS
11630| [92092] Apache Subversion mod_dav_svn Module Log REPORT Request Handling NULL Pointer Dereference Remote DoS
11631| [92091] Apache Subversion mod_dav_svn Module Node Property Handling Resource Exhaustion Remote DoS
11632| [92090] Apache Subversion mod_dav_svn Module Activity URL Lock Request Handling NULL Pointer Dereference Remote DoS
11633| [91774] Apache Commons Codec Unspecified Non-private Field Manipulation Weakness
11634| [91628] mod_ruid2 for Apache HTTP Server fchdir() Inherited File Descriptor chroot Restriction Bypass
11635| [91328] Apache Wicket $up$ Traversal Arbitrary File Access
11636| [91295] Apple Mac OS X Apache Unicode Character URI Handling Authentication Bypass
11637| [91235] Apache Rave /app/api/rpc/users/get User Object Hashed Password Remote Disclosure
11638| [91185] Munin Default Apache Configuration Permission Weakness Remote Information Disclosure
11639| [91173] Apache Wicket WebApplicationPath Constructor Bypass /WEB-INF/ Directory File Access
11640| [91172] Apache Wicket PackageResourceGuard File Extension Filter Bypass
11641| [91025] Apache Qpid qpid::framing::Buffer Class Multiple Method Out-of-bounds Access Remote DoS
11642| [91024] Apache Qpid federation_tag Attribute Handling Federated Interbroker Link Access Restriction Bypass
11643| [91023] Apache Qpid AMQP Type Decoder Exposure Array Size Value Handling Memory Consumption Remote DoS
11644| [91022] Apache Qpid qpid/cpp/include/qpid/framing/Buffer.h qpid::framing::Buffer::checkAvailable() Function Integer Overflow
11645| [90986] Apache Jena ARQ INSERT DATA Request Handling Overflow
11646| [90907] Apache Subversion mod_dav_svn / libsvn_fs svn_fs_file_length() Function MKACTIVITY / PROPFIND Option Request Handling Remote DoS
11647| [90906] Apache Commons FileUpload /tmp Storage Symlink Arbitrary File Overwrite
11648| [90864] Apache Batik 1xx Redirect Script Origin Restriction Bypass
11649| [90858] Apache Ant Malformed TAR File Handling Infinite Loop DoS
11650| [90852] Apache HTTP Server for Debian apachectl /var/lock Permission Weakness Symlink Directory Permission Manipulation
11651| [90804] Apache Commons CLI Path Subversion Local Privilege Escalation
11652| [90802] Apache Avro Recursive Schema Handling Infinite Recursion DoS
11653| [90592] Apache Batik ApplicationSecurityEnforcer.java Multiple Method Security Restriction Bypass
11654| [90591] Apache Batik XML External Entity (XXE) Data Parsing Arbitrary File Disclosure
11655| [90565] Apache Tomcat Log Directory Permission Weakness Local Information Disclosure
11656| [90564] Apache Maven / Maven Wagon SSL Certificate Validation MitM Spoofing Weakness
11657| [90557] Apache HTTP Server mod_proxy_balancer balancer-manager Interface Multiple Parameter XSS
11658| [90556] Apache HTTP Server Multiple Module Multiple Parameter XSS
11659| [90276] Apache Axis2 axis2.xml Plaintext Password Local Disclosure
11660| [90249] Apache Axiom ClassLoader XMLInputFactory / XMLOutputFactory Construction Unspecified Issue
11661| [90235] Apache Commons HttpClient Certificate Wildcard Matching Weakness
11662| [90079] Apache CXF WSS4JInInterceptor URIMappingInterceptor WS-Security SOAP Service Access Restriction Bypass
11663| [90078] Apache CXF WS-SecurityPolicy Enabled Plaintext UsernameTokens Handling Authentication Bypass
11664| [89453] Apache Open For Business Project (OFBiz) Screenlet.title Widget Attribute XSS
11665| [89452] Apache Open For Business Project (OFBiz) Image.alt Widget Attribute XSS
11666| [89294] Apache CouchDB Futon UI Browser-based Test Suite Query Parameter XSS
11667| [89293] Apache CouchDB Unspecified Traversal Arbitrary File Access
11668| [89275] Apache HTTP Server mod_proxy_ajp Module Expensive Request Parsing Remote DoS
11669| [89267] Apache CouchDB JSONP Callback Handling Unspecified XSS
11670| [89146] Apache CloudStack Master Server log4j.conf SSH Private Key / Plaintext Password Disclosure
11671| [88603] Apache OpenOffice.org (OOo) Unspecified Information Disclosure
11672| [88602] Apache OpenOffice.org (OOo) Unspecified Manifest-processing Issue
11673| [88601] Apache OpenOffice.org (OOo) Unspecified PowerPoint File Handling Issue
11674| [88285] Apache Tomcat Partial HTTP Request Saturation Remote DoS
11675| [88095] Apache Tomcat NIO Connector Terminated Connection Infinite Loop DoS
11676| [88094] Apache Tomcat FORM Authentication Crafted j_security_check Request Security Constraint Bypass
11677| [88093] Apache Tomcat Null Session Request CSRF Prevention Filter Bypass
11678| [88043] IBM Tivoli Netcool/Reporter Apache CGI Unspecified Remote Command Execution
11679| [87580] Apache Tomcat DIGEST Authentication Session State Caching Authentication Bypass Weakness
11680| [87579] Apache Tomcat DIGEST Authentication Stale Nonce Verification Authentication Bypass Weakness
11681| [87477] Apache Tomcat Project Woodstock Service Error Page UTF-7 XSS Weakness
11682| [87227] Apache Tomcat InternalNioInputBuffer.java parseHeaders() Function Request Header Size Parsing Remote DoS
11683| [87223] Apache Tomcat DIGEST Authentication replay-countermeasure Functionality cnonce / cn Verification Authentication Bypass Weakness
11684| [87160] Apache Commons HttpClient X.509 Certificate Domain Name Matching MiTM Weakness
11685| [87159] Apache CXF X.509 Certificate Domain Name Matching MiTM Weakness
11686| [87150] Apache Axis / Axis2 X.509 Certificate Domain Name Matching MiTM Weakness
11687| [86902] Apache HTTP Server 3xx Redirect Internal IP Address Remote Disclosure
11688| [86901] Apache Tomcat Error Message Path Disclosure
11689| [86684] Apache CloudStack Unauthorized Arbitrary API Call Invocation
11690| [86556] Apache Open For Business Project (OFBiz) Unspecified Issue
11691| [86503] Visual Tools VS home/apache/DiskManager/cron/init_diskmgr Local Command Execution
11692| [86401] Apache ActiveMQ ResourceHandler Traversal Arbitrary File Access
11693| [86225] Apache Axis2 XML Signature Wrapping (XSW) Authentication Bypass
11694| [86206] Apache Axis2 Crafted SAML Assertion Signature Exclusion Attack Authentication Bypass
11695| [85722] Apache CXF SOAP Request Parsing Access Restriction Bypass
11696| [85704] Apache Qpid Incoming Client Connection Saturation Remote DoS
11697| [85474] Eucalyptus Apache Santuario (XML Security for Java) Library XML Signature Transform Handling DoS
11698| [85430] Apache mod_pagespeed Module Unspecified XSS
11699| [85429] Apache mod_pagespeed Module Hostname Verification Cross-host Resource Disclosure
11700| [85249] Apache Wicket Unspecified XSS
11701| [85236] Apache Hadoop conf/hadoop-env.sh Temporary File Symlink Arbitrary File Manipulation
11702| [85090] Apache HTTP Server mod_proxy_ajp.c mod_proxy_ajp Module Proxy Functionality Cross-client Information Disclosure
11703| [85089] Apache HTTP Server mod_proxy_http.c mod_proxy_http Module Cross-client Information Disclosure
11704| [85062] Apache Solr Autocomplete Module for Drupal Autocomplete Results XSS
11705| [85010] Apache Struts Token Handling Mechanism Token Name Configuration Parameter CSRF Weakness
11706| [85009] Apache Struts Request Parameter OGNL Expression Parsing Remote DoS
11707| [84911] libapache2-mod-rpaf X-Forward-For HTTP Header Parsing Remote DoS
11708| [84823] Apache HTTP Server Multiple Module Back End Server Error Handling HTTP Request Parsing Remote Information Disclosure
11709| [84818] Apache HTTP Server mod_negotiation Module mod_negotiation.c make_variant_list Function XSS
11710| [84562] Apache Qpid Broker Authentication Mechanism AMQP Client Shadow Connection NullAuthenticator Request Parsing Authentication Bypass
11711| [84458] Apache Libcloud SSL Certificate Validation MitM Spoofing Weakness
11712| [84279] PHP on Apache php_default_post_reader POST Request Handling Overflow DoS
11713| [84278] PHP w/ Apache PDO::ATTR_DEFAULT_FETCH_MODE / PDO::FETCH_CLASS DoS
11714| [84231] Apache Hadoop DataNodes Client BlockTokens Arbitrary Block Access
11715| [83943] Oracle Solaris Cluster Apache Tomcat Agent Subcomponent Unspecified Local Privilege Escalation
11716| [83939] Oracle Solaris Apache HTTP Server Subcomponent Unspecified Remote Information Disclosure
11717| [83685] svnauthcheck Apache HTTP Configuration File Permission Revocation Weakness
| [83682] Apache Sling POST Servlet @CopyFrom Operation HTTP Request Parsing Infinite Loop Remote DoS
| [83339] Apache Roller Blogger Roll Unspecified XSS
| [83270] Apache Roller Unspecified Admin Action CSRF
| [82782] Apache CXF WS-SecurityPolicy 1.1 SupportingToken Policy Bypass
| [82781] Apache CXF WS-SecurityPolicy Supporting Token Children Specification Token Signing Verification Weakness
| [82611] cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation
| [82436] MapServer for Windows Bundled Apache / PHP Configuration Local File Inclusion
| [82215] PHP sapi/cgi/cgi_main.c apache_request_headers Function HTTP Header Handling Remote Overflow
| [82161] Apache Commons Compress bzip2 File Compression BZip2CompressorOutputStream Class File Handling Remote DoS
| [81965] Apache Batik Squiggle SVG Browser JAR File Arbitrary Code Execution
| [81790] Apache POI src/org/apache/poi/hwpf/model/UnhandledDataStructure.java UnhandledDataStructure() constructor Length Attribute CDF / CFBF File Handling Remote DoS
| [81660] Apache Qpid Credential Checking Cluster Authentication Bypass
| [81511] Apache for Debian /usr/share/doc HTTP Request Parsing Local Script Execution
| [81359] Apache HTTP Server LD_LIBRARY_PATH Variable Local Privilege Escalation
| [81349] Apache Open For Business Project (OFBiz) Webslinger Component Unspecified XSS
| [81348] Apache Open For Business Project (OFBiz) Content IDs / Map-Keys Unspecified XSS
| [81347] Apache Open For Business Project (OFBiz) Parameter Arrays Unspecified XSS
| [81346] Apache Open For Business Project (OFBiz) checkoutProcess.js getServerError() Function Unspecified XSS
| [81196] Apache Open For Business Project (OFBiz) FlexibleStringExpander Nested Script String Parsing Remote Code Execution
| [80981] Apache Hadoop Kerberos/MapReduce Security Feature User Impersonation Weakness
| [80571] Apache Traffic Server Host HTTP Header Parsing Remote Overflow
| [80547] Apache Struts XSLTResult.java File Upload Arbitrary Command Execution
| [80360] AskApache Password Protector Plugin for WordPress Error Page $_SERVER Superglobal XSS
| [80349] Apache HTTP Server mod_fcgid Module fcgid_spawn_ctl.c FcgidMaxProcessesPerClass Virtual Host Directive HTTP Request Parsing Remote DoS
| [80301] Apache Wicket /resources/ Absolute Path Arbitrary File Access
| [80300] Apache Wicket wicket:pageMapName Parameter XSS
| [79478] Apache Solr Extension for TYPO3 Unspecified XSS
| [79002] Apache MyFaces javax.faces.resource In Parameter Traversal Arbitrary File Access
| [78994] Apache Struts struts-examples/upload/upload-submit.do name Parameter XSS
| [78993] Apache Struts struts-cookbook/processDyna.do message Parameter XSS
| [78992] Apache Struts struts-cookbook/processSimple.do message Parameter XSS
| [78991] Apache Struts struts2-rest-showcase/orders clientName Parameter XSS
| [78990] Apache Struts struts2-showcase/person/editPerson.action Multiple Parameter XSS
| [78932] Apache APR Hash Collision Form Parameter Parsing Remote DoS
| [78903] Apache CXF SOAP Request Parsing WS-Security UsernameToken Policy Bypass
| [78600] Apache Tomcat HTTP DIGEST Authentication DigestAuthenticator.java Catalina Weakness Security Bypass
| [78599] Apache Tomcat HTTP DIGEST Authentication Realm Value Parsing Security Bypass
| [78598] Apache Tomcat HTTP DIGEST Authentication qop Value Parsing Security Bypass
| [78573] Apache Tomcat Parameter Saturation CPU Consumption Remote DoS
| [78556] Apache HTTP Server Status Code 400 Default Error Response httpOnly Cookie Disclosure
| [78555] Apache HTTP Server Threaded MPM %{cookiename}C Log Format String Cookie Handling Remote DoS
| [78501] Apache Struts ParameterInterceptor Class OGNL Expression Parsing Remote Command Execution
| [78331] Apache Tomcat Request Object Recycling Information Disclosure
| [78293] Apache HTTP Server Scoreboard Invalid Free Operation Local Security Bypass
| [78277] Apache Struts ExceptionDelegator Component Parameter Parsing Remote Code Execution
| [78276] Apache Struts DebuggingInterceptor Component Developer Mode Unspecified Remote Command Execution
| [78113] Apache Tomcat Hash Collision Form Parameter Parsing Remote DoS
| [78112] Apache Geronimo Hash Collision Form Parameter Parsing Remote DoS
| [78109] Apache Struts ParameterInterceptor Traversal Arbitrary File Overwrite
| [78108] Apache Struts CookieInterceptor Cookie Name Handling Remote Command Execution
| [77593] Apache Struts Conversion Error OGNL Expression Injection
| [77496] Apache ActiveMQ Failover Mechanism Openwire Request Parsing Remote DoS
| [77444] Apache HTTP Server mod_proxy Mdule Web Request HTTP/0.9 Protocol URL Parsing Proxy Remote Security Bypass
| [77374] Apache MyFaces Java Bean includeViewParameters Parsing EL Expression Security Weakness
| [77310] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness (2011-4317)
| [77234] Apache HTTP Server on cygwin Encoded Traversal Arbitrary File Access
| [77012] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Memory Consumption DoS
| [76944] Apache Tomcat Manager Application Servlets Access Restriction Bypass
| [76744] Apache HTTP Server server/utils.c ap_pregsub() Function htaccess File Handling Local Overflow
| [76189] Apache Tomcat HTTP DIGEST Authentication Weakness
| [76079] Apache HTTP Server mod_proxy Mdule Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
| [76072] Apache JServ jserv.conf jserv-status Handler jserv/ URI Request Parsing Local Information Disclosure
| [75807] Apache HTTP Server Incomplete Header Connection Saturation Remote DoS
| [75647] Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remote DoS
| [75376] Apache Libcloud SSL Certificate Validation MitM Server Spoofing Weakness
| [74853] Domain Technologie Control /etc/apache2/apache2.conf File Permissions Weakness dtcdaemons User Password Disclosure
| [74818] Apache Tomcat AJP Message Injection Authentication Bypass
| [74725] Apache Wicket Multi Window Support Unspecified XSS
| [74721] Apache HTTP Server ByteRange Filter Memory Exhaustion Remote DoS
| [74541] Apache Commons Daemon Jsvc Permissions Weakness Arbitrary File Access
| [74535] Apache Tomcat XML Parser Cross-application Multiple File Manipulation
| [74447] Apache Struts XWork Nonexistent Method s:submit Element Internal Java Class Remote Path Disclosure
| [74262] Apache HTTP Server Multi-Processing Module itk.c Configuration Merger mpm-itk root UID / GID Remote Privilege Escalation
| [74120] Apache HTTP Server mod_authnz_external mysql/mysql-auth.pl user Field SQL Injection
| [73920] Oracle Secure Backup /apache/htdocts/php/common.php username Parameter Remote Code Execution
| [73798] Apache Tomcat sendfile Request Start / Endpoint Parsing Local DoS
| [73797] Apache Tomcat sendfile Request Attribute Validation Weakness Local Access Restriction Bypass
| [73776] Apache Tomcat HTTP BIO Connector HTTP Pipelining Cross-user Remote Response Access
| [73644] Apache XML Security Signature Key Parsing Overflow DoS
| [73600] Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
| [73462] Apache Rampart/C util/rampart_timestamp_token.c rampart_timestamp_token_validate Function Expired Token Remote Access Restriction Bypass
| [73429] Apache Tomcat JMX MemoryUserDatabase Local Password Disclosure
| [73384] Apache HTTP Server mod_rewrite PCRE Resource Exhaustion DoS
| [73383] Apache HTTP Server Portable Runtime (APR) Library apr_fnmatch() Infinite Loop Remote DoS
| [73378] IBM WebSphere Application Server (WAS) JavaServer Pages org.apache.jasper.runtime.JspWriterImpl.response JSP Page Application Restart Remote DoS
| [73247] Apache Subversion mod_dav_svn File Permission Weakness Information Disclosure
| [73246] Apache Subversion mod_dav_svn Path-based Access Control Rule Handling Remote DoS
| [73245] Apache Subversion mod_dav_svn Baselined Resource Request Handling Remote DoS
| [73154] Apache Archiva Multiple Unspecified CSRF
| [73153] Apache Archiva /archiva/admin/deleteNetworkProxy!confirm.action proxyid Parameter XSS
| [72407] Apache Tomcat @ServletSecurity Initial Load Annotation Security Constraint Bypass Information Disclosure
| [72238] Apache Struts Action / Method Names <
| [71647] Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
| [71558] Apache Tomcat SecurityManager ServletContext Attribute Traversal Arbitrary File Manipulation
| [71557] Apache Tomcat HTML Manager Multiple XSS
| [71075] Apache Archiva User Management Page XSS
| [71027] Apache Tomcat @ServletSecurity Annotation Security Constraint Bypass Information Disclosure
| [70925] Apache Continuum Project Pages Unspecified XSS (2011-0533)
| [70924] Apache Continuum Multiple Admin Function CSRF
| [70809] Apache Tomcat NIO HTTP Connector Request Line Processing DoS
| [70734] Apache CouchDB Request / Cookie Handling Unspecified XSS
| [70585] Oracle Fusion Middleware Oracle HTTP Server Apache Plugin Unspecified Remote Issue
| [70333] Apache Subversion rev_hunt.c blame Command Multiple Memory Leak Remote DoS
| [70332] Apache Subversion Apache HTTP Server mod_dav_svn repos.c walk FunctionSVNParentPath Collection Remote DoS
| [69659] Apache Archiva Admin Authentication Weakness Privilege Escalation
| [69520] Apache Archiva Administrator Credential Manipulation CSRF
| [69512] Apache Tomcat Set-Cookie Header HTTPOnly Flag Session Hijacking Weakness
| [69456] Apache Tomcat Manager manager/html/sessions Multiple Parameter XSS
| [69275] Apache mod_fcgid Module fcgid_bucket.c fcgid_header_bucket_read() Function Remote Overflow
| [69067] Apache Shiro URI Path Security Traversal Information Disclosure
| [68815] Apache MyFaces shared/util/StateUtils.java View State MAC Weakness Cryptographic Padding Remote View State Modification
| [68670] Apache Qpid C++ Broker Component broker/SessionAdapter.cpp SessionAdapter::ExchangeHandlerImpl::checkAlternate Function Exchange Alternate Remote DoS
| [68669] Apache Qpid cluster/Cluster.cpp Cluster::deliveredEvent Function Invalid AMQP Data Remote DoS
| [68662] Apache Axis2 dswsbobje.war Module Admin Account Default Password
| [68531] Apache Qpid qpidd sys/ssl/SslSocket.cpp Incomplete SSL Handshake Remote DoS
| [68327] Apache APR-util buckets/apr_brigade.c apr_brigade_split_line() Function Memory Consumption DoS
| [68314] Apache XML-RPC SAX Parser External Entity Information Disclosure
| [67964] Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
| [67846] SUSE Lifecycle Management Server on SUSE Linux Enterprise apache2-slms Parameter Quoting CSRF
| [67294] Apache CXF XML SOAP Message Crafted Document Type Declaration Remote DoS
| [67240] Apache CouchDB Installation Page Direct Request Arbitrary JavaScript Code Execution CSRF
| [67205] Apache Derby BUILTIN Authentication Password Hash Generation Algorithm SHA-1 Transformation Password Substitution
| [66745] Apache HTTP Server Multiple Modules Pathless Request Remote DoS
| [66319] Apache Tomcat Crafted Transfer-Encoding Header Handling Buffer Recycling Remote DoS
| [66280] Apache Struts XWork ParameterInterceptor Server-Side Object Remote Code Execution
| [66226] Apache Axis2 Admin Interface Cookie Session Fixation
| [65697] Apache Axis2 / Java SOAP Message DTD Rejection Weakness Arbitrary File Access
| [65654] Apache HTTP Server mod_proxy_http mod_proxy_http.c Timeout Detection Weakness HTTP Request Response Disclosure
| [65429] Apache MyFaces Unencrypted ViewState Serialized View Object Manipulation Arbitrary Expression Language (EL) Statement Execution
| [65054] Apache ActiveMQ Jetty Error Handler XSS
| [64844] Apache Axis2/Java axis2/axis2-admin/engagingglobally modules Parameter XSS
| [64522] Apache Open For Business Project (OFBiz) ecommerce/control/contactus Multiple Parameter XSS
| [64521] Apache Open For Business Project (OFBiz) Web Tools Section entityName Parameter XSS
| [64520] Apache Open For Business Project (OFBiz) ecommerce/control/ViewBlogArticle contentId Parameter XSS
| [64519] Apache Open For Business Project (OFBiz) Control Servlet URI XSS
| [64518] Apache Open For Business Project (OFBiz) Show Portal Page Section start Parameter XSS
| [64517] Apache Open For Business Project (OFBiz) View Profile Section partyId Parameter XSS
| [64516] Apache Open For Business Project (OFBiz) Export Product Listing Section productStoreId Parameter XSS
| [64307] Apache Tomcat Web Application Manager/Host Manager CSRF
| [64056] mod_auth_shadow for Apache HTTP Server wait() Function Authentication Bypass
| [64023] Apache Tomcat WWW-Authenticate Header Local Host Information Disclosure
| [64020] Apache ActiveMQ Jetty ResourceHandler Crafted Request JSP File Source Disclosure
| [63895] Apache HTTP Server mod_headers Unspecified Issue
| [63368] Apache ActiveMQ createDestination.action JMSDestination Parameter CSRF
| [63367] Apache ActiveMQ createDestination.action JMSDestination Parameter XSS
| [63350] Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness
| [63140] Apache Thrift Service Malformed Data Remote DoS
| [62676] Apache HTTP Server mod_proxy_ajp Module Crafted Request Remote DoS
| [62675] Apache HTTP Server Multi-Processing Module (MPM) Subrequest Header Handling Cross-thread Information Disclosure
| [62674] Apache HTTP Server mod_isapi Module Unloading Crafted Request Remote DoS
| [62231] Apache HTTP Server Logging Format Weakness Crafted DNS Response IP Address Spoofing
| [62230] Apache HTTP Server Crafted DNS Response Inverse Lookup Log Corruption XSS
| [62054] Apache Tomcat WAR Filename Traversal Work-directory File Deletion
| [62053] Apache Tomcat Autodeployment Process appBase File HTTP Request Authentication Bypass
| [62052] Apache Tomcat WAR File Traversal Arbitrary File Overwrite
| [62009] Apache HTTP Server src/modules/proxy/proxy_util.c mod_proxy ap_proxy_send_fb() Function Overflow
| [61379] Apache River Outrigger Entry Storage Saturation Memory Exhaustion DoS
| [61378] Apache Hadoop Map/Reduce JobTracker Memory Consumption DoS
| [61377] Apache Commons Modeler Multiple Mutable Static Fields Weakness
| [61376] Apache Rampart wsse:security Tag Signature Value Checking Weakness
| [60687] Apache C++ Standard Library (STDCXX) strxfrm() Function Overflow
| [60680] Apache Hadoop JobHistory Job Name Manipulation Weakness
| [60679] Apache ODE DeploymentWebService OMElement zipPart CRLF Injection
| [60678] Apache Roller Comment Email Notification Manipulation DoS
| [60677] Apache CouchDB Unspecified Document Handling Remote DoS
| [60428] Sun Java Plug-in org.apache.crimson.tree.XmlDocument Class reateXmlDocument Method Floppy Drive Access Bypass
| [60413] mod_throttle for Apache Shared Memory File Manipulation Local Privilege Escalation
| [60412] Sun Java Plug-in org.apache.xalan.processor.XSLProcessorVersion Class Unsigned Applet Variable Sharing Privilege Escalation
| [60396] Apache HTTP Server on OpenBSD Multipart MIME Boundary Remote Information Disclosure
| [60395] Apache HTTP Server on OpenBSD ETag HTTP Header Remote Information Disclosure
| [60232] PHP on Apache php.exe Direct Request Remote DoS
| [60176] Apache Tomcat Windows Installer Admin Default Password
| [60016] Apache HTTP Server on HP Secure OS for Linux HTTP Request Handling Unspecified Issue
| [59979] Apache HTTP Server on Apple Mac OS X HTTP TRACE Method Unspecified Client XSS
| [59969] Apache HTTP Server mod_ssl SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
| [59944] Apache Hadoop jobhistory.jsp XSS
| [59374] Apache Solr Search Extension for TYPO3 Unspecified XSS
| [59022] Apache Shindig ConcatProxyServlet HTTP Header Response Splitting
| [59021] Apache Cocoon X-Cocoon-Version Header Remote Information Disclosure
| [59020] Apache Tapestry HTTPS Session Cookie Secure Flag Weakness
| [59019] Apache mod_python Cookie Salting Weakness
| [59018] Apache Harmony Error Message Handling Overflow
| [59013] Apache Derby SYSCS_EXPORT_TABLE Arbitrary File Overwrite
| [59012] Apache Derby Driver Auto-loading Non-deterministic Startup Weakness
| [59011] Apache JSPWiki Page Attachment Change Note Function XSS
| [59010] Apache Solr get-file.jsp XSS
| [59009] Apache Solr action.jsp XSS
| [59008] Apache Solr analysis.jsp XSS
| [59007] Apache Solr schema.jsp Multiple Parameter XSS
| [59006] Apache Beehive select / checkbox Tag XSS
| [59005] Apache Beehive jpfScopeID Global Parameter XSS
| [59004] Apache Beehive Error Message XSS
| [59003] Apache HttpClient POST Request Handling Memory Consumption DoS
| [59002] Apache Jetspeed default-page.psml URI XSS
| [59001] Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
| [59000] Apache CXF Unsigned Message Policy Bypass
| [58999] Apache WSS4J CallbackHandler Plaintext Password Validation Weakness
| [58998] Apache OpenJPA persistence.xml Cleartext Password Local Disclosure
| [58997] Apache OpenEJB openejb.xml Cleartext Password Local Disclosure
| [58996] Apache Hadoop Map/Reduce LinuxTaskController File Group Ownership Weakness
| [58995] Apache Hadoop Map/Reduce Task Ownership Weakness
| [58994] Apache Hadoop Map/Reduce DistributedCache Localized File Permission Weakness
| [58993] Apache Hadoop browseBlock.jsp XSS
| [58991] Apache Hadoop browseDirectory.jsp XSS
| [58990] Apache Hadoop Map/Reduce HTTP TaskTrackers User Data Remote Disclosure
| [58989] Apache Hadoop Sqoop Process Listing Local Cleartext Password Disclosure
| [58988] Apache Hadoop Chukwa HICC Portal Unspecified XSS
| [58987] Apache Hadoop Map/Reduce TaskTracker User File Permission Weakness
| [58986] Apache Qpid Encrypted Message Handling Remote Overflow DoS
| [58985] Apache Qpid Process Listing Local Cleartext Password Disclosure
| [58984] Apache Jackrabbit Content Repository (JCR) Default Account Privilege Access Weakness
| [58983] Apache Jackrabbit Content Repository (JCR) NamespaceRegistry API Registration Method Race Condition
| [58982] Apache Synapse Proxy Service Security Policy Mismatch Weakness
| [58981] Apache Geronimo TomcatGeronimoRealm Security Context Persistence Weakness
| [58980] Apache Geronimo LDAP Realm Configuration Restart Reversion Weakness
| [58979] Apache MyFaces Tomahawk ExtensionsPhaseListener HTML Injection Information Disclosure
| [58978] Apache MyFaces Trinidad LocaleInfoScriptlet XSS
| [58977] Apache Open For Business Project (OFBiz) Multiple Default Accounts
| [58976] Apache Open For Business Project (OFBiz) URI passThru Parameter XSS
| [58975] Apache Open For Business Project (OFBiz) PARTYMGR_CREATE/UPDATE Permission Arbitrary User Password Modification
| [58974] Apache Sling /apps Script User Session Management Access Weakness
| [58973] Apache Tuscany Crafted SOAP Request Access Restriction Bypass
| [58931] Apache Geronimo Cookie Parameters Validation Weakness
| [58930] Apache Xalan-C++ XPath Handling Remote DoS
| [58879] Apache Portable Runtime (APR-util) poll/unix/port.c Event Port Backend Pollset Feature Remote DoS
| [58837] Apache Commons Net FTPSClient CipherSuites / Protocols Mutable Object Unspecified Data Security Issue
| [58813] Apache MyFaces Trinidad tr:table / HTML Comment Handling DoS
| [58812] Apache Open For Business Project (OFBiz) JSESSIONID Session Hijacking Weakness
| [58811] Apache Open For Business Project (OFBiz) /catalog/control/EditProductConfigItem configItemId Parameter XSS
| [58810] Apache Open For Business Project (OFBiz) /catalog/control/EditProdCatalo prodCatalogId Parameter XSS
| [58809] Apache Open For Business Project (OFBiz) /partymgr/control/viewprofile partyId Parameter XSS
| [58808] Apache Open For Business Project (OFBiz) /catalog/control/createProduct internalName Parameter XSS
| [58807] Apache Open For Business Project (OFBiz) Multiple Unspecified CSRF
| [58806] Apache FtpServer MINA Logging Filter Cleartext Credential Local Disclosure
| [58805] Apache Derby Unauthenticated Database / Admin Access
| [58804] Apache Wicket Header Contribution Unspecified Issue
| [58803] Apache Wicket Session Fixation
| [58802] Apache Directory Server (ApacheDS) userPassword Attribute Search Password Disclosure
| [58801] Apache ActiveMQ Stomp Client Credential Validation Bypass
| [58800] Apache Tapestry (context)/servicestatus Internal Service Information Disclosure
| [58799] Apache Tapestry Logging Cleartext Password Disclosure
| [58798] Apache Jetspeed pipeline Parameter pipeline-map Policy Bypass
| [58797] Apache Jetspeed Password Policy Multiple Weaknesses
| [58796] Apache Jetspeed Unsalted Password Storage Weakness
| [58795] Apache Rampart Crafted SOAP Header Authentication Bypass
| [58794] Apache Roller Admin Protocol (RAP) Malformed Header Authentication Bypass
| [58793] Apache Hadoop Map/Reduce mapred.system.dir Permission Weakness Job Manipulation
| [58792] Apache Shindig gadgets.rpc iframe RPC Call Validation Weakness
| [58791] Apache Synapse synapse.properties Cleartext Credential Local Disclosure
| [58790] Apache WSS4J SOAP Message UsernameToken Remote Password Disclosure
| [58789] Apache WSS4J SOAP Header Malformed UsernameToken Authentication Bypass
| [58776] Apache JSPWiki PreviewContent.jsp Edited Text XSS
| [58775] Apache JSPWiki preview.jsp action Parameter XSS
| [58774] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58773] Apache JSPWiki Accept-Language Header Multiple Script language Parameter XSS
| [58772] Apache JSPWiki EditorManager.java editor Parameter XSS
| [58771] Apache JSPWiki GroupContent.jsp Multiple Parameter XSS
| [58770] Apache JSPWiki Group.jsp group Parameter XSS
| [58769] Apache JSPWiki Database Connection Termination DoS Weakness
| [58768] Apache JSPWiki Attachment Servlet nextpage Parameter Arbitrary Site Redirect
| [58766] Apache JSPWiki /admin/SecurityConfig.jsp Direct Request Information Disclosure
| [58765] Apache JSPWiki Spam Filter UniqueID RNG Weakness
| [58764] Apache JSPWiki Edit.jsp Multiple Parameter XSS
| [58763] Apache JSPWiki Include Tag Multiple Script XSS
| [58762] Apache JSPWiki Multiple .java Tags pageContext Parameter XSS
| [58761] Apache JSPWiki Wiki.jsp skin Parameter XSS
| [58760] Apache Commons VFS Exception Error Message Cleartext Credential Disclosure
| [58759] Apache Jackrabbit Content Repository (JCR) UUID System.currentTimeMillis() RNG Weakness
| [58758] Apache River GrantPermission Policy Manipulation Privilege Escalation
| [58757] Apache WS-Commons Java2 StaXUtils Multiple Unspecified Minor Issues
| [58756] Apache WSS4J WSHandler Client Certificate Signature Validation Weakness
| [58755] Apache Harmony DRLVM Non-public Class Member Access
| [58754] Apache Harmony File.createTempFile() Temporary File Creation Prediction Weakness
| [58751] Apache Geronimo GeronimoIdentityResolver Subject Handling Multiple Issues
| [58750] Apache MyFaces Trinidad Generated HTML Information Disclosure
| [58749] Apache MyFaces Trinidad Database Access Error Message Information Disclosure
| [58748] Apache MyFaces Trinidad Image Resource Loader Traversal Arbitrary Image Access
| [58747] Apache MyFaces Trinidad Error Message User Entered Data Disclosure Weakness
| [58746] Apache Axis2 JAX-WS Java2 WSDL4J Unspecified Issue
| [58744] Apache Wicket Crafted File Upload Disk Space Exhaustion DoS
| [58743] Apache Wicket wicket.util.crypt.SunJceCrypt Encryption Reversion Weakness
| [58742] Apache Rampart PolicyBasedValiadtor HttpsToken Endpoint Connection Weakness
| [58741] Apache Rampart WSSecSignature / WSSecEncryptedKey KeyIdentifierType Validation Weakness
| [58740] Apache Rampart TransportBinding Message Payload Cleartext Disclosure
| [58739] Apache Open For Business Project (OFBiz) Unsalted Password Storage Weakness
| [58738] Apache Open For Business Project (OFBiz) orderId Parameter Arbitrary Order Access
| [58737] Apache mod_python w/ mod_python.publisher index.py Underscore Prefixed Variable Disclosure
| [58735] Apache Open For Business Project (OFBiz) /ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
| [58734] Apache Torque Log File Cleartext Credential Local Disclosure
| [58733] Apache Axis2 doGet Implementation Authentication Bypass Service State Manipulation
| [58732] Apache MyFaces UIInput.validate() Null Value Validation Bypass Weakness
| [58731] Apache MyFaces /faces/* Prefix Mapping Authentication Bypass
| [58725] Apache Tapestry Basic String ACL Bypass Weakness
| [58724] Apache Roller Logout Functionality Failure Session Persistence
| [58723] Apache Roller User Profile / Admin Page Cleartext Password Disclosure
| [58722] Apache Derby Connection URL Encryption Method Reversion Weakness
| [58721] Apache Geronimo on Tomcat Security-constraint Resource ACL Bypass
| [58720] Apache Geronimo Explicit Servlet Mapping Access Bypass Weakness
| [58719] Apache Geronimo Keystore Unprivileged Service Disable DoS
| [58718] Apache Geronimo Deployment Plans Remote Password Disclosure
| [58717] Apache Jetspeed Portlet Application Edit Access Restriction Bypass
| [58716] Apache Jetspeed PSML Management Cached Constraint Authentication Weakness
| [58707] Apache WSS4J Crafted PasswordDigest Request Authentication Bypass
| [58706] Apache HttpClient Pre-emptive Authorization Remote Credential Disclosure
| [58705] Apache Directory Server (ApacheDS) User Passwords Cleartext Disclosure
| [58704] Apache Directory Server (ApacheDS) Non-existent User LDAP Bind Remote DoS
| [58703] Apache Geronimo Debug Console Unauthenticated Remote Information Disclosure
| [58702] Apache Directory Server (ApacheDS) Persistent LDAP Anonymous Bind Weakness
| [58701] Apache Jetspeed User Admin Portlet Unpassworded Account Creation Weakness
| [58700] Apache MyFaces /faces/* Path Handling Remote Overflow DoS
| [58699] Apache MyFaces Disable Property Client Side Manipulation Privilege Escalation
| [58698] Apache Roller Remember Me Functionality Cleartext Password Disclosure
| [58697] Apache XalanJ2 org.apache.xalan.xsltc.runtime.CallFunction Class Unspecified Issue
| [58696] Apache Tapestry Encoded Traversal Arbitrary File Access
| [58695] Apache Jetspeed Unauthenticated PSML Tags / Admin Folder Access
| [58694] Apache Geronimo Deploy Tool Process List Local Credential Disclosure
| [58693] Apache Derby service.properties File Encryption Key Information Disclosure
| [58692] Apache Geronimo Default Security Realm Login Brute Force Weakness
| [58689] Apache Roller Retrieve Last 5 Post Feature Unauthorized Blog Post Manipulation
| [58688] Apache Xalan-Java (XalanJ2) Static Variables Multiple Unspecified Issues
| [58687] Apache Axis Invalid wsdl Request XSS
| [58686] Apache Cocoon Temporary File Creation Unspecified Race Condition
| [58685] Apache Velocity Template Designer Privileged Code Execution
| [58684] Apache Jetspeed controls.Customize Action Security Check Bypass
| [58675] Apache Open For Business Project (OFBiz) eCommerce/ordermgr Multiple Field XSS
| [58674] Apache Open For Business Project (OFBiz) ecommerce/control/login Multiple Field XSS
| [58673] Apache Open For Business Project (OFBiz) ecommerce/control/viewprofile Multiple Field XSS
| [58672] Apache Open For Business Project (OFBiz) POS Input Panel Cleartext Password Disclosure
| [58671] Apache Axis2 JMS Signed Message Crafted WS-Security Header Security Bypass
| [58670] Apache Jetspeed JetspeedTool.getPortletFromRegistry Portlet Security Validation Failure
| [58669] Apache Jetspeed LDAP Cleartext Passwords Disclosure
| [58668] Apache Axis External Entity (XXE) Data Parsing Privilege Escalation
| [58667] Apache Roller Database Cleartext Passwords Disclosure
| [58666] Apache Xerces-C++ UTF-8 Transcoder Overlong Code Handling Unspecified Issue
| [58665] Apache Jetspeed Turbine: Cross-user Privileged Action Execution
| [58664] Apache Jetspeed EditAccount.vm Password Modification Weakness
| [58663] Apache Jetspeed Role Parameter Arbitrary Portlet Disclosure
| [58662] Apache Axis JWS Page Generated .class File Direct Request Information Disclosure
| [58661] Apache Jetspeed user-form.vm Password Reset Cleartext Disclosure
| [58660] Apache WSS4J checkReceiverResults Function Crafted SOAP Request Authentication Bypass
| [58658] Apache Rampart Crafted SOAP Request Security Verification Bypass
| [57882] Apache HTTP Server mod_proxy_ftp Authorization HTTP Header Arbitrary FTP Command Injection
| [57851] Apache HTTP Server mod_proxy_ftp EPSV Command NULL Dereference Remote DoS
| [56984] Apache Xerces2 Java Malformed XML Input DoS
| [56903] Apache ODE (Orchestration Director Engine) Process Deployment Web Service Traversal Arbitrary File Manipulation
| [56859] Apache Xerces-C++ Multiple Sub-project XML Nested DTD Structures Parsing Recursion Error DoS
| [56766] Apache Portable Runtime (APR-util) memory/unix/apr_pools.c Relocatable Memory Block Aligning Overflow
| [56765] Apache Portable Runtime (APR-util) misc/apr_rmm.c Multiple Function Overflows
| [56517] Apache HTTP Server File Descriptor Leak Arbitrary Local File Append
| [56443] PTK Unspecified Apache Sub-process Arbitrary Command Execution
| [56414] Apache Tiles Duplicate Expression Language (EL) Expression Evaluation XSS
| [55814] mod_NTLM for Apache HTTP Server ap_log_rerror() Function Remote Format String
| [55813] mod_NTLM for Apache HTTP Server log() Function Remote Overflow
| [55782] Apache HTTP Server mod_deflate Module Aborted Connection DoS
| [55553] Apache HTTP Server mod_proxy Module mod_proxy_http.c stream_reqbody_cl Function CPU Consumption DoS
| [55059] Apache APR-util strmatch/apr_strmatch.c apr_strmatch_precompile Function Crafted Input Remote DoS
| [55058] Apache APR-util apr_brigade_vprintf Function Crafted Input Off-by-one Remote DoS
| [55057] Apache APR-util xml/apr_xml.c apr_xml_* Interface Expat XML Parser Crafted XML Document Remote DoS
| [55056] Apache Tomcat Cross-application TLD File Manipulation
12077| [55055] Apache Tomcat Illegal URL Encoded Password Request Username Enumeration
12078| [55054] Apache Tomcat Java AJP Connector mod_jk Load Balancing Worker Malformed Header Remote DoS
12079| [55053] Apache Tomcat Crafted Request Security Restraint Bypass Arbitrary Content Access
12080| [54733] Apache HTTP Server AllowOverride Directive .htaccess Options Bypass
12081| [54713] razorCMS Security Manager apache User Account Unspecified File Permission Weakness Issue
12082| [54589] Apache Jserv Nonexistent JSP Request XSS
12083| [54122] Apache Struts s:a / s:url Tag href Element XSS
12084| [54093] Apache ActiveMQ Web Console JMS Message XSS
12085| [53932] Apache Geronimo Multiple Admin Function CSRF
12086| [53931] Apache Geronimo /console/portal/Server/Monitoring Multiple Parameter XSS
12087| [53930] Apache Geronimo /console/portal/ URI XSS
12088| [53929] Apache Geronimo on Windows Security/Keystores Portlet Traversal Arbitrary File Upload
12089| [53928] Apache Geronimo on Windows Embedded DB/DB Manager Portlet Traversal Arbitrary File Upload
12090| [53927] Apache Geronimo on Windows Services/Repository Portlet Traversal Arbitrary File Upload
12091| [53921] Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure
12092| [53766] Oracle BEA WebLogic Server Plug-ins for Apache Certificate Handling Remote Overflow
12093| [53574] PHP on Apache .htaccess mbstring.func_overload Setting Cross Hosted Site Behavior Modification
12094| [53381] Apache Tomcat JK Connector Content-Length Header Cross-user Information Disclosure
12095| [53380] Apache Struts Unspecified XSS
12096| [53289] Apache mod_perl Apache::Status /perl-status Unspecified XSS
12097| [53186] Apache HTTP Server htpasswd Predictable Salt Weakness
12098| [52899] Apache Tomcat Examples Web Application Calendar Application jsp/cal/cal2.jsp time Parameter XSS
12099| [52407] Apache Tomcat doRead Method POST Content Information Disclosure
12100| [51923] Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
12101| [51613] Apache HTTP Server Third-party Module Child Process File Descriptor Leak
12102| [51612] Apache HTTP Server Internal Redirect Handling Infinite Loop DoS
12103| [51468] Apache Jackrabbit Content Repository (JCR) swr.jsp q Parameter XSS
12104| [51467] Apache Jackrabbit Content Repository (JCR) search.jsp q Parameter XSS
12105| [51151] Apache Roller Search Function q Parameter XSS
12106| [50482] PHP with Apache php_value Order Unspecified Issue
12107| [50475] Novell NetWare ApacheAdmin Console Unauthenticated Access
12108| [49734] Apache Struts DefaultStaticContentLoader Class Traversal Arbitrary File Access
12109| [49733] Apache Struts FilterDispatcher Class Traversal Arbitrary File Access
12110| [49283] Oracle BEA WebLogic Server Plugins for Apache Remote Transfer-Encoding Overflow
12111| [49062] Apache Tomcat Cross-thread Concurrent Request Variable Overwrite Information Disclosure
12112| [48847] ModSecurity (mod_security) Transformation Caching Unspecified Apache DoS
12113| [48788] Apache Xerces-C++ XML Schema maxOccurs Value XML File Handling DoS
12114| [47474] Apache HTTP Server mod_proxy_ftp Directory Component Wildcard Character XSS
12115| [47464] Apache Tomcat allowLinking / UTF-8 Traversal Arbitrary File Access
12116| [47463] Apache Tomcat RequestDispatcher Traversal Arbitrary File Access
12117| [47462] Apache Tomcat HttpServletResponse.sendError Method Message Argument XSS
12118| [47096] Oracle Weblogic Apache Connector POST Request Overflow
12119| [46382] Frontend Filemanager (air_filemanager) Extension for TYPO3 on Apache Unspecified Arbitrary Code Execution
12120| [46285] TYPO3 on Apache Crafted Filename Upload Arbitrary Command Execution
12121| [46085] Apache HTTP Server mod_proxy ap_proxy_http_process_response() Function Interim Response Forwarding Remote DoS
12122| [45905] Apache Tomcat Host Manager host-manager/html/add name Parameter XSS
12123| [45879] Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass
12124| [45742] Apache HTTP Server on Novell Unspecified Request Directive Internal IP Disclosure
12125| [45740] Apache Derby DropSchemaNode Bind Phase Arbitrary Scheme Statement Dropping
12126| [45599] Apache Derby Lock Table Statement Privilege Requirement Bypass Arbitrary Table Lock
12127| [45585] Apache Derby ACCSEC Command RDBNAM Parameter Cleartext Credential Disclosure
12128| [45584] Apache Derby DatabaseMetaData.getURL Function Cleartext Credential Disclosure
12129| [45420] Apache HTTP Server 403 Error Page UTF-7 Encoded XSS
12130| [44728] PHP Toolkit on Gentoo Linux Interpretation Conflict Apache HTTP Server Local DoS
12131| [44618] Oracle JSP Apache/Jserv Path Translation Traversal Arbitrary JSP File Execution
12132| [44159] Apache HTTP Server Remote Virtual Host Name Disclosure
12133| [43997] Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
12134| [43994] suPHP for Apache (mod_suphp) Directory Symlink Local Privilege Escalation
12135| [43993] suPHP for Apache (mod_suphp) Owner Mode Race Condition Symlink Local Privilege Escalation
12136| [43663] Apache HTTP Server Mixed Platform AddType Directive Crafted Request PHP Source Disclosure
12137| [43658] AuthCAS Module (AuthCAS.pm) for Apache HTTP Server SESSION_COOKIE_NAME SQL Injection
12138| [43452] Apache Tomcat HTTP Request Smuggling
12139| [43309] Apache Geronimo LoginModule Login Method Bypass
12140| [43290] Apache JSPWiki Entry Page Attachment Unrestricted File Upload
12141| [43259] Apache HTTP Server on Windows mod_proxy_balancer URL Handling Remote Memory Corruption
12142| [43224] Apache Geronimo on SuSE Linux init Script Symlink Unspecified File/Directory Access
12143| [43189] Apache mod_jk2 Host Header Multiple Fields Remote Overflow
12144| [42937] Apache HTTP Server mod_proxy_balancer balancer-manager Unspecified CSRF
12145| [42341] MOD_PLSQL for Apache Unspecified URL SQL Injection
12146| [42340] MOD_PLSQL for Apache CGI Environment Handling Unspecified Overflow
12147| [42214] Apache HTTP Server mod_proxy_ftp UTF-7 Encoded XSS
12148| [42091] Apache Maven Site Plugin Installation Permission Weakness
12149| [42089] Apache Maven .m2/settings.xml Cleartext Password Disclosure
12150| [42088] Apache Maven Defined Repo Process Listing Password Disclosure
12151| [42087] Apache Maven Site Plugin SSH Deployment Permission Setting Weakness
12152| [42036] Apache HTTP Server MS-DOS Device Request Host OS Disclosure
12153| [41891] BEA WebLogic Apache Beehive NetUI Page Flow Unspecified XSS
12154| [41436] Apache Tomcat Native APR Connector Duplicate Request Issue
12155| [41435] Apache Tomcat %5C Cookie Handling Session ID Disclosure
12156| [41434] Apache Tomcat Exception Handling Subsequent Request Information Disclosure
12157| [41400] LimeSurvey save.php Apache Log File PHP Code Injection
12158| [41029] Apache Tomcat Calendar Examples Application cal2.jsp Multiple Parameter CSRF
12159| [41019] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload XSS
12160| [41018] Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
12161| [40853] Apache Tomcat SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) JSESSIONIDSSO Cookie Security Weakness
12162| [40264] Apache HTTP Server mod_proxy_balancer balancer_handler Function bb Variable Remote DoS
12163| [40263] Apache HTTP Server mod_proxy_balancer balancer-manager Multiple Parameter XSS
12164| [40262] Apache HTTP Server mod_status refresh XSS
12165| [39833] Apache Tomcat JULI Logging Component catalina.policy Security Bypass
12166| [39251] Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
12167| [39166] Apache Tomcat on Windows caseSensitive Attribute Mixed Case Request JSP Source Disclosure
12168| [39134] Apache mod_imagemap Module Imagemap Unspecified XSS
12169| [39133] Apache mod_imap Module Imagemap File Unspecified XSS
12170| [39035] Apache Tomcat examples/servlet/CookieExample Multiple Parameter XSS
12171| [39003] Apache HTTP Server HTTP Method Header Request Entity Too Large XSS
12172| [39000] Apache Tomcat SendMailServlet sendmail.jsp mailfrom Parameter XSS
12173| [38939] Apache HTTP Server Prefork MPM Module Array Modification Local DoS
12174| [38673] Apache Jakarta Slide WebDAV SYSTEM Request Traversal Arbitrary File Access
12175| [38662] Apache Geronimo SQLLoginModule Nonexistent User Authentication Bypass
12176| [38661] Apache Geronimo MEJB Unspecified Authentication Bypass
12177| [38641] Apache HTTP Server mod_mem_cache recall_headers Function Information Disclosure
12178| [38640] Apache HTTP Server suexec Document Root Unauthorized Operations
12179| [38639] Apache HTTP Server suexec Multiple Symlink Privilege Escalation
12180| [38636] Apache HTTP Server mod_autoindex.c P Variable UTF-7 Charset XSS
12181| [38513] BEA WebLogic Server Proxy Plug-in for Apache Protocol Error Handling Remote DoS
12182| [38187] Apache Geronimo / Tomcat WebDAV XML SYSTEM Tag Arbitrary File Access
12183| [37079] Apache HTTP Server mod_cache cache_util.c Malformed Cache-Control Header DoS
12184| [37071] Apache Tomcat Cookie Handling Session ID Disclosure
12185| [37070] Apache Tomcat Cookie Handling Quote Delimiter Session ID Disclosure
12186| [37052] Apache HTTP Server mod_status mod_status.c Unspecified XSS
12187| [37051] Apache HTTP Server mod_proxy modules/proxy/proxy_util.c Crafted Header Remote DoS
12188| [37050] Apache HTTP Server Prefork MPM Module Crafted Code Sequence Local DoS
12189| [36417] Apache Tomcat Host Manager Servlet html/add Action aliases Parameter XSS
12190| [36377] Apache MyFaces Tomahawk JSF Application autoscroll Multiple Script XSS
12191| [36080] Apache Tomcat JSP Examples Crafted URI XSS
12192| [36079] Apache Tomcat Manager Uploaded Filename XSS
12193| [34888] Apache Tomcat Example Calendar Application cal2.jsp time Parameter XSS
12194| [34887] Apache Tomcat implicit-objects.jsp Crafted Header XSS
12195| [34885] Apache Tomcat on IIS Servlet Engine MS-DOS Device Request DoS
12196| [34884] Apache Tomcat on Windows Nonexistent Resource Request Path Disclosure
12197| [34883] Apache Tomcat Crafted JSP File Request Path Disclosure
12198| [34882] Apache Tomcat Default SSL Ciphersuite Configuration Weakness
12199| [34881] Apache Tomcat Malformed Accept-Language Header XSS
12200| [34880] Apache Tomcat HTTP/1.1 Connector NULL Byte Request JSP Source Disclosure
12201| [34879] Apache Tomcat examples/jsp2/jspx/textRotate.jspx XSS
12202| [34878] Apache Tomcat examples/jsp2/el/implicit-objects.jsp XSS
12203| [34877] Apache Tomcat JK Web Server Connector (mod_jk) Double Encoded Traversal Arbitrary File Access
12204| [34876] Apache HTTP Server ScriptAlias CGI Source Disclosure
12205| [34875] Apache Tomcat appdev/sample/web/hello.jsp Multiple Parameter XSS
12206| [34874] Apache Tomcat AJP Connector mod_jk ajp_process_callback Remote Memory Disclosure
12207| [34873] Apache Stats Variable Extraction _REQUEST Ssuperglobal Array Overwrite
12208| [34872] Apache HTTP Server suexec User/Group Combination Weakness Local Privilege Escalation
12209| [34769] Apache Tomcat w/ Proxy Module Double Encoded Traversal Arbitrary File Access
12210| [34541] mod_perl for Apache HTTP Server RegistryCooker.pm PATH_INFO Crafted URI Remote DoS
12211| [34540] mod_perl for Apache HTTP Server PerlRun.pm PATH_INFO Crafted URI Remote DoS
12212| [34398] Apache Tomcat mod_jk Invalid Chunked Encoded Body Information Disclosure
12213| [34154] Apache Axis Nonexistent Java Web Service Path Disclosure
12214| [33855] Apache Tomcat JK Web Server Connector mod_jk.so Long URI Worker Map Remote Overflow
12215| [33816] Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
12216| [33456] Apache HTTP Server Crafted TCP Connection Range Header DoS
12217| [33346] Avaya Multiple Products Apache Tomcat Port Weakness
12218| [32979] Apache Java Mail Enterprise Server (JAMES) Phoenix/MX4J Interface Arbitrary User Creation
12219| [32978] Apache Java Mail Enterprise Server (JAMES) POP3Server Log File Plaintext Password Disclosure
12220| [32724] Apache mod_python _filter_read Freed Memory Disclosure
12221| [32723] Apache Tomcat semicolon Crafted Filename Request Forced Directory Listing
12222| [32396] Apache Open For Business Project (OFBiz) Ecommerce Component Forum Implementation Message Body XSS
12223| [32395] Apache Open For Business Project (OFBiz) Ecommerce Component Form Field Manipulation Privilege Escalation
12224| [30354] Linux Subversion libapache2-svn Search Path Subversion Local Privilege Escalation
12225| [29603] PHP ini_restore() Apache httpd.conf Options Bypass
12226| [29536] Apache Tcl mod_tcl set_var Function Remote Format String
12227| [28919] Apache Roller Weblogger Blog Comment Multiple Field XSS
12228| [28130] PHP with Apache Mixed Case Method Limit Directive Bypass
12229| [27913] Apache HTTP Server on Windows mod_alias URL Validation Canonicalization CGI Source Disclosure
12230| [27588] Apache HTTP Server mod_rewrite LDAP Protocol URL Handling Overflow
12231| [27487] Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection
12232| [26935] FCKeditor on Apache connector.php Crafted File Extension Arbitrary File Upload
12233| [26572] Apache Java Mail Enterprise Server (JAMES) MAIL Command Overflow DoS
12234| [25909] Drupal on Apache files Directory File Upload Arbitrary Code Execution
12235| [24825] Oracle ModPL/SQL for Apache Unspecified Remote HTTP Issue
12236| [24365] Apache Struts Multiple Function Error Message XSS
12237| [24364] Apache Struts getMultipartRequestHandler() Function Crafted Request DoS
12238| [24363] Apache Struts org.apache.struts.taglib.html.Constants.CANCEL Validation Bypass
12239| [24103] Pubcookie Apache mod_pubcookie Unspecified XSS
12240| [23906] Apache mod_python for Apache HTTP Server FileSession Privileged Local Command Execution
12241| [23905] Apache Log4net LocalSyslogAppender Format String Memory Corruption DoS
12242| [23198] Apache WSS4J Library SOAP Signature Verification Bypass
12243| [23124] Generic Apache Request Library (libapreq) apreq_parse_* Functions Remote DoS
12244| [22652] mod_php for Apache HTTP Server Crafted import_request_variables Function DoS
12245| [22475] PHP w/ Apache PDO::FETCH_CLASS __set() Function DoS
12246| [22473] PHP w/ Apache2 Crafted PDOStatement DoS
12247| [22459] Apache Geronimo Error Page XSS
12248| [22458] Apache Tomcat / Geronimo Sample Script cal2.jsp time Parameter XSS
12249| [22301] auth_ldap for Apache HTTP Server auth_ldap_log_reason() Function Remote Format String
12250| [22261] Apache HTTP Server mod_ssl ssl_hook_Access Error Handling DoS
12251| [22259] mod_auth_pgsql for Apache HTTP Server Log Function Format String
12252| [21736] Apache Java Mail Enterprise Server (JAMES) Spooler retrieve Function DoS
12253| [21705] Apache HTTP Server mod_imap Image Map Referer XSS
12254| [21021] Apache Struts Error Message XSS
12255| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
12256| [20491] PHP mod_php apache2handler SAPI Crafted .htaccess DoS
12257| [20462] Apache HTTP Server worker.c MPM Memory Exhaustion DoS
12258| [20439] Apache Tomcat Directory Listing Saturation DoS
12259| [20373] Apache Tomcat on HP Secure OS for Linux Unspecified Servlet Access Issue
12260| [20285] Apache HTTP Server Log File Control Character Injection
12261| [20242] Apache HTTP Server mod_usertrack Predictable Session ID Generation
12262| [20209] Brainf*ck Module (mod_bf) for Apache HTTP Server Local Overflow
12263| [20033] Apache Tomcat MS-DOS Device Request Error Message Path Disclosure
12264| [19883] apachetop atop.debug Symlink Arbitrary File Overwrite
12265| [19863] mod_auth_shadow for Apache HTTP Server require group Authentication Bypass
12266| [19855] Apache HTTP Server ErrorDocument Directive .htaccess Bypass
12267| [19821] Apache Tomcat Malformed Post Request Information Disclosure
12268| [19769] Apache HTTP Server Double-reverse DNS Lookup Spoofing
12269| [19188] Apache HTTP Server mod_ssl SSLVerifyClient Per-location Context Restriction Bypass
12270| [19137] Apache HTTP Server on Red Hat Linux Double Slash GET Request Forced Directory Listing
12271| [19136] Apache on Mandrake Linux Arbitrary Directory Forced Listing
12272| [18977] Apache HTTP Server Crafted HTTP Range Header DoS
12273| [18389] Ragnarok Online Control Panel Apache Authentication Bypass
12274| [18286] Apache HTTP Server mod_ssl ssl_callback_SSLVerify_CRL( ) Function Overflow
12275| [18233] Apache HTTP Server htdigest user Variable Overfow
12276| [17738] Apache HTTP Server HTTP Request Smuggling
12277| [16586] Apache HTTP Server Win32 GET Overflow DoS
12278| [15889] Apache HTTP Server mod_cgid Threaded MPM CGI Output Misdirection
12279| [14896] mod_dav for Apache HTTP Server Remote Null Dereference Child Process Termination
12280| [14879] Apache HTTP Server ap_log_rerror Function Error Message Path Disclosure
12281| [14770] Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
12282| [14597] Apache Tomcat IntegerOverflow.jsp Test JSP Script Path Disclosure
12283| [14596] Apache Tomcat pageSession.jsp Test JSP Script Path Disclosure
12284| [14595] Apache Tomcat pageLanguage.jsp Test JSP Script Path Disclosure
12285| [14594] Apache Tomcat pageIsThreadSafe.jsp Test JSP Script Path Disclosure
12286| [14593] Apache Tomcat pageIsErrorPage.jsp Test JSP Script Path Disclosure
12287| [14592] Apache Tomcat pageInvalid.jsp Test JSP Script Path Disclosure
12288| [14591] Apache Tomcat pageExtends.jsp Test JSP Script Path Disclosure
12289| [14590] Apache Tomcat pageDouble.jsp Test JSP Script Path Disclosure
12290| [14589] Apache Tomcat pageAutoFlush.jsp Test JSP Script Path Disclosure
12291| [14588] Apache Tomcat extends2.jsp Test JSP Script Path Disclosure
12292| [14587] Apache Tomcat extends1.jsp Test JSP Script Path Disclosure
12293| [14586] Apache Tomcat comments.jsp Test JSP Script Path Disclosure
12294| [14585] Apache Tomcat buffer4.jsp Test JSP Script Path Disclosure
12295| [14584] Apache Tomcat buffer3.jsp Test JSP Script Path Disclosure
12296| [14583] Apache Tomcat buffer2.jsp Test JSP Script Path Disclosure
12297| [14582] Apache Tomcat buffer1.jsp Test JSP Script Path Disclosure
12298| [14581] Apache Tomcat pageImport2.jsp Test JSP Script Path Disclosure
12299| [14580] Apache Tomcat pageInfo.jsp Test JSP Script Path Disclosure
12300| [14410] mod_frontpage for Apache HTTP Server fpexec Remote Overflow
12301| [14044] Apache Batik Squiggle Browser with Rhino Scripting Engine Unspecified File System Access
12302| [13737] mod_access_referer for Apache HTTP Server Malformed Referer DoS
12303| [13711] Apache mod_python publisher.py Traversal Arbitrary Object Information Disclosure
12304| [13640] mod_auth_any for Apache HTTP Server on Red Hat Linux Metacharacter Command Execution
12305| [13304] Apache Tomcat realPath.jsp Path Disclosure
12306| [13303] Apache Tomcat source.jsp Arbitrary Directory Listing
12307| [13087] Apache HTTP Server mod_log_forensic check_forensic Symlink Arbitrary File Creation / Overwrite
12308| [12849] mod_auth_radius for Apache HTTP Server radcpy() Function Overflow DoS
12309| [12848] Apache HTTP Server htdigest realm Variable Overflow
12310| [12721] Apache Tomcat examples/jsp2/el/functions.jsp XSS
12311| [12720] mod_dosevasive for Apache HTTP Server Symlink Arbitrary File Create/Overwrite
12312| [12558] Apache HTTP Server IPv6 FTP Proxy Socket Failure DoS
12313| [12557] Apache HTTP Server prefork MPM accept Error DoS
12314| [12233] Apache Tomcat MS-DOS Device Name Request DoS
12315| [12232] Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
12316| [12231] Apache Tomcat web.xml Arbitrary File Access
12317| [12193] Apache HTTP Server on Mac OS X File Handler Bypass
12318| [12192] Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access
12319| [12178] Apache Jakarta Lucene results.jsp XSS
12320| [12176] mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay
12321| [11391] Apache HTTP Server Header Parsing Space Saturation DoS
12322| [11003] Apache HTTP Server mod_include get_tag() Function Local Overflow
12323| [10976] mod_mylo for Apache HTTP Server mylo_log Logging Function HTTP GET Overflow
12324| [10637] Apache HTTP Server mod_ssl SSLCipherSuite Access Restriction Bypass
12325| [10546] Macromedia JRun4 mod_jrun Apache Module Remote Overflow
12326| [10471] Apache Xerces-C++ XML Parser DoS
12327| [10218] Apache HTTP Server Satisfy Directive Access Control Bypass
12328| [10068] Apache HTTP Server htpasswd Local Overflow
12329| [10049] mod_cplusplus For Apache HTTP Server Unspecified Overflow
12330| [9994] Apache HTTP Server apr-util IPV6 Parsing DoS
12331| [9991] Apache HTTP Server ap_resolve_env Environment Variable Local Overflow
12332| [9948] mod_dav for Apache HTTP Server LOCK Request DoS
12333| [9742] Apache HTTP Server mod_ssl char_buffer_read Function Reverse Proxy DoS
12334| [9718] Apache HTTP Server Win32 Single Dot Append Arbitrary File Access
12335| [9717] Apache HTTP Server mod_cookies Cookie Overflow
12336| [9716] Apache::Gallery Gallery.pm Inline::C Predictable Filename Code Execution
12337| [9715] Apache HTTP Server rotatelogs Control Characters Over Pipe DoS
12338| [9714] Apache Authentication Module Threaded MPM DoS
12339| [9713] Apache HTTP Server on OS2 filestat.c Device Name Request DoS
12340| [9712] Apache HTTP Server Multiple Linefeed Request Memory Consumption DoS
12341| [9711] Apache HTTP Server Access Log Terminal Escape Sequence Injection
12342| [9710] Apache HTTP Server on Windows Illegal Character Default Script Mapping Bypass
12343| [9709] Apache HTTP Server on Windows MS-DOS Device Name HTTP Post Code Execution
12344| [9708] Apache HTTP Server on Windows MS-DOS Device Name DoS
12345| [9707] Apache HTTP Server Duplicate MIME Header Saturation DoS
12346| [9706] Apache Web Server Multiple MIME Header Saturation Remote DoS
12347| [9705] Apache Tomcat Invoker/Default Servlet Source Disclosure
12348| [9702] Apache HTTP Server CGI/WebDAV HTTP POST Request Source Disclosure
12349| [9701] Apache HTTP Server for Windows Multiple Slash Forced Directory Listing
12350| [9700] Apache HTTP Server mod_autoindex Multiple Slash Request Forced Directory Listing
12351| [9699] Apache HTTP Server mod_dir Multiple Slash Request Forced Directory Listing
12352| [9698] Apache HTTP Server mod_negotiation Multiple Slash Request Forced Directory Listing
12353| [9697] Apache HTTP Server htdigest Local Symlink Arbitrary File Overwrite
12354| [9696] Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
12355| [9695] Apache Tomcat SnoopServlet Servlet Information Disclosure
12356| [9694] PHP3 on Apache HTTP Server Encoded Traversal Arbitrary File Access
12357| [9693] mod_auth_pgsql_sys for Apache HTTP Server User Name SQL Injection
12358| [9692] Apache HTTP Server mod_vhost_alias Mass Virtual Hosting Arbitrary File Access
12359| [9691] Apache HTTP Server mod_rewrite Mass Virtual Hosting Arbitrary File Access
12360| [9690] Apache HTTP Server mod_vhost_alias CGI Program Source Disclosure
12361| [9689] Trustix httpsd for Apache-SSL Permission Weakness Privilege Escalation
12362| [9688] Apache HTTP Server mod_proxy Malformed FTP Command DoS
12363| [9687] Apache::AuthenSmb smbval SMB Authentication Library Multiple Overflows
12364| [9686] Apache::AuthenSmb smbvalid SMB Authentication Library Multiple Overflows
12365| [9523] Apache HTTP Server mod_ssl Aborted Connection DoS
12366| [9459] Oracle PL/SQL (mod_plsql) Apache Module Help Page Request Remote Overflow
12367| [9208] Apache Tomcat .jsp Encoded Newline XSS
12368| [9204] Apache Tomcat ROOT Application XSS
12369| [9203] Apache Tomcat examples Application XSS
12370| [9068] Apache HTTP Server mod_userdir User Account Information Disclosure
12371| [8773] Apache Tomcat Catalina org.apache.catalina.servlets.DefaultServlet Source Code Disclosure
12372| [8772] Apache Tomcat Catalina org.apache.catalina.connector.http DoS
12373| [7943] Apache HTTP Server mod_ssl sslkeys File Disclosure
12374| [7942] Apache HTTP Server mod_ssl Default Pass Phrase
12375| [7941] Apache HTTP Server mod_ssl Encrypted Private Key File Descriptor Leak
12376| [7935] Apache HTTP Server mod_ssl ssl_gcache Race Conditions
12377| [7934] Apache HTTP Server mod_ssl SSLSessionCache File Content Disclosure
12378| [7933] Apache HTTP Server mod_ssl SSLMutex File Content Disclosure
12379| [7932] Apache HTTP Server mod_ssl mkcert.sh File Creation Permission Weakness
12380| [7931] Apache HTTP Server mod_ssl X.509 Client Certificate Authentication Bypass
12381| [7930] Apache HTTP Server mod_ssl ssl_expr_eval_func_file() Overflow
12382| [7929] Apache HTTP Server mod_ssl ssl_engine_log.c mod_proxy Hook Function Remote Format String
12383| [7611] Apache HTTP Server mod_alias Local Overflow
12384| [7394] Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS
12385| [7203] Apache Tomcat source.jsp Traversal Arbitrary File Access
12386| [7039] Apache HTTP Server on Mac OS X HFS+ File System Access Bypass
12387| [6882] Apache mod_python Malformed Query String Variant DoS
12388| [6839] Apache HTTP Server mod_proxy Content-Length Overflow
12389| [6630] Apache Tomcat Java Server Pages (JSP) Engine WPrinterJob() DoS
12390| [6472] Apache HTTP Server mod_ssl ssl_util_uuencode_binary Remote Overflow
12391| [5821] Apache HTTP Server Multiple / GET Remote Overflow DoS
12392| [5580] Apache Tomcat Servlet Malformed URL JSP Source Disclosure
12393| [5552] Apache HTTP Server split-logfile Arbitrary .log File Overwrite
12394| [5526] Apache Tomcat Long .JSP URI Path Disclosure
12395| [5278] Apache Tomcat web.xml Restriction Bypass
12396| [5051] Apache Tomcat Null Character DoS
12397| [4973] Apache Tomcat servlet Mapping XSS
12398| [4650] mod_gzip for Apache HTTP Server Debug Mode Printf Stack Overflow
12399| [4649] mod_gzip for Apache HTTP Server Debug Mode Format String Overflow
12400| [4648] mod_gzip for Apache HTTP Server Debug Mode Race Condition
12401| [4568] mod_survey For Apache ENV Tags SQL Injection
12402| [4553] Apache HTTP Server ApacheBench Overflow DoS
12403| [4552] Apache HTTP Server Shared Memory Scoreboard DoS
12404| [4446] Apache HTTP Server mod_disk_cache Stores Credentials
12405| [4383] Apache HTTP Server Socket Race Condition DoS
12406| [4382] Apache HTTP Server Log Entry Terminal Escape Sequence Injection
12407| [4340] Apache Portable Runtime (APR) apr_psprintf DoS
12408| [4232] Apache Cocoon DatabaseAuthenticatorAction SQL Injection
12409| [4231] Apache Cocoon Error Page Server Path Disclosure
12410| [4182] Apache HTTP Server mod_ssl Plain HTTP Request DoS
12411| [4181] Apache HTTP Server mod_access IP Address Netmask Rule Bypass
12412| [4075] Apache HTTP Sever on Windows .var File Request Path Disclosure
12413| [4037] Apache HTTP Server on Cygwin Encoded GET Request Arbitrary File Access
12414| [3877] Apache-SSL SSLVerifyClient SSLFakeBasicAuth Client Certificate Forgery
12415| [3819] Apache HTTP Server mod_digest Cross Realm Credential Replay
12416| [3322] mod_php for Apache HTTP Server Process Hijack
12417| [3215] mod_php for Apache HTTP Server File Descriptor Leakage
12418| [2885] Apache mod_python Malformed Query String DoS
12419| [2749] Apache Cocoon view-source Sample File Traversal Arbitrary File Access
12420| [2733] Apache HTTP Server mod_rewrite Local Overflow
12421| [2672] Apache HTTP Server mod_ssl SSLCipherSuite Ciphersuite Downgrade Weakness
12422| [2613] Apache HTTP Server mod_cgi stderr Output Handling Local DoS
12423| [2149] Apache::Gallery Privilege Escalation
12424| [2107] Apache HTTP Server mod_ssl Host: Header XSS
12425| [1926] Apache HTTP Server mod_rewrite Crafted URI Rule Bypass
12426| [1833] Apache HTTP Server Multiple Slash GET Request DoS
12427| [1577] Apache HTTP Server mod_rewrite RewriteRule Expansion Arbitrary File Access
| [872] Apache Tomcat Multiple Default Accounts
| [862] Apache HTTP Server SSI Error Page XSS
| [859] Apache HTTP Server Win32 Crafted Traversal Arbitrary File Access
| [849] Apache Tomcat TroubleShooter Servlet Information Disclosure
| [845] Apache Tomcat MSDOS Device XSS
| [844] Apache Tomcat Java Servlet Error Page XSS
| [842] Apache HTTP Server mod_ssl ssl_compat_directive Function Overflow
| [838] Apache HTTP Server Chunked Encoding Remote Overflow
| [827] PHP4 for Apache on Windows php.exe Malformed Request Path Disclosure
| [775] Apache mod_python Module Importing Privilege Function Execution
| [769] Apache HTTP Server Win32 DOS Batch File Arbitrary Command Execution
| [756] Apache HTTP Server mod_ssl i2d_SSL_SESSION Function SSL Client Certificate Overflow
| [701] Apache HTTP Server Win32 ScriptAlias php.exe Arbitrary File Access
| [674] Apache Tomcat Nonexistent File Error Message Path Disclosure
| [637] Apache HTTP Server UserDir Directive Username Enumeration
| [623] mod_auth_pgsql for Apache HTTP Server User Name SQL Injection
| [582] Apache HTTP Server Multiviews Feature Arbitrary Directory Listing
| [562] Apache HTTP Server mod_info /server-info Information Disclosure
| [561] Apache Web Servers mod_status /server-status Information Disclosure
| [417] Apache HTTP Server on SuSE Linux /doc/packages Remote Information Disclosure
| [410] mod_perl for Apache HTTP Server /perl/ Directory Listing
| [404] Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
| [402] Apache HTTP Server on SuSE Linux cgi-bin-sdb Request Script Source Disclosure
| [379] Apache ASP module Apache::ASP source.asp Example File Arbitrary File Creation
| [377] Apache Tomcat Snoop Servlet Remote Information Disclosure
| [376] Apache Tomcat contextAdmin Arbitrary File Access
| [342] Apache HTTP Server for Windows Multiple Forward Slash Directory Listing
| [222] Apache HTTP Server test-cgi Arbitrary File Access
| [143] Apache HTTP Server printenv.pl Multiple Method CGI XSS
| [48] Apache HTTP Server on Debian /usr/doc Directory Information Disclosure
|_
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
No OS matches for host
TCP/IP fingerprint:
Uptime guess: 57.686 days (since Sun Jun 9 21:48:17 2019)
Network Distance: 14 hops
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: Randomized

TRACEROUTE (using proto 1/icmp)
HOP RTT       ADDRESS
1   170.93 ms 10.248.200.1
2   166.63 ms 213.184.122.97
3   165.69 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
4   165.82 ms bzq-219-189-185.cablep.bezeqint.net (62.219.189.185)
5   166.24 ms bzq-219-189-90.dsl.bezeqint.net (62.219.189.90)
6   204.31 ms ae3.cr6-mrs1.ip4.gtt.net (141.136.96.141)
7   204.27 ms et-0-0-29.cr5-mrs1.ip4.gtt.net (213.200.118.202)
8   ...
9   293.72 ms 212.73.201.170
10  290.95 ms 10.188.195.53
11  290.87 ms 10.188.193.42
12  288.89 ms 10.188.193.41
13  294.73 ms 94.97.246.67
14  292.69 ms 94.97.248.201

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
Initiating NSE at 14:16
Completed NSE at 14:16, 0.00s elapsed
NSE: Starting runlevel 2 (of 2) scan.
Initiating NSE at 14:16
Completed NSE at 14:16, 0.00s elapsed
#######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-06 14:16 EDT
NSE: Loaded 45 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 14:16
Completed NSE at 14:16, 0.00s elapsed
Initiating NSE at 14:16
Completed NSE at 14:16, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 14:16
Completed Parallel DNS resolution of 1 host. at 14:16, 0.03s elapsed
Initiating UDP Scan at 14:16
Scanning 94.97.248.201 [14 ports]
Completed UDP Scan at 14:16, 0.64s elapsed (14 total ports)
Initiating Service scan at 14:16
Initiating OS detection (try #1) against 94.97.248.201
Initiating Traceroute at 14:16
Completed Traceroute at 14:16, 7.18s elapsed
Initiating Parallel DNS resolution of 1 host. at 14:16
Completed Parallel DNS resolution of 1 host. at 14:16, 0.00s elapsed
NSE: Script scanning 94.97.248.201.
Initiating NSE at 14:16
Completed NSE at 14:16, 0.01s elapsed
Initiating NSE at 14:16
Completed NSE at 14:16, 0.00s elapsed
Nmap scan report for 94.97.248.201
Host is up (0.27s latency).

PORT     STATE    SERVICE      VERSION
53/udp   closed   domain
67/udp   closed   dhcps
68/udp   closed   dhcpc
69/udp   closed   tftp
88/udp   closed   kerberos-sec
123/udp  closed   ntp
137/udp  filtered netbios-ns
138/udp  filtered netbios-dgm
139/udp  closed   netbios-ssn
161/udp  closed   snmp
162/udp  closed   snmptrap
389/udp  closed   ldap
520/udp  closed   route
2049/udp closed   nfs
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: firewall|load balancer
Running: F5 Networks embedded, F5 Networks TMOS 11.1.X|11.4.X|11.6.X|9.1.X
OS CPE: cpe:/o:f5:tmos:11.1 cpe:/o:f5:tmos:11.4 cpe:/o:f5:tmos:11.6 cpe:/o:f5:tmos:9.1
OS details: F5 BIG-IP Application Security Manager firewall, F5 BIG-IP 3650 Local Traffic Manager load balancer, F5 BIG-IP Edge Gateway, F5 BIG-IP load balancer, F5 3600 LTM load balancer, F5 BIG-IP load balancer (TMOS 11.4), F5 BIG-IP Local Traffic Manager load balancer (TMOS 11.6), F5 BIG-IP Local Traffic Manager load balancer
Network Distance: 14 hops

TRACEROUTE (using port 137/udp)
HOP RTT       ADDRESS
1   ... 4
5   167.37 ms 10.248.200.1
6   ... 7
8   165.82 ms 10.248.200.1
9   170.67 ms 10.248.200.1
10  170.65 ms 10.248.200.1
11  170.63 ms 10.248.200.1
12  170.60 ms 10.248.200.1
13  170.59 ms 10.248.200.1
14  170.56 ms 10.248.200.1
15  ... 18
19  169.09 ms 10.248.200.1
20  164.59 ms 10.248.200.1
21  ... 28
29  163.88 ms 10.248.200.1
30  171.17 ms 10.248.200.1

NSE: Script Post-scanning.
Initiating NSE at 14:16
Completed NSE at 14:16, 0.00s elapsed
Initiating NSE at 14:16
Completed NSE at 14:16, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 10.48 seconds
 Raw packets sent: 101 (7.667KB) | Rcvd: 35 (3.232KB)
#######################################################################################################################################
 Anonymous JTSEC #OpSaudiArabia Full Recon #1